from:"SBA Research Advisory"

[FD] [SBA-ADV-20190305-01] CVE-2019-13564: Ping Identity Agentless Integration Kit <1.5 Reflected Cross-site Scripting (XSS)

2019-08-30 Thread SBA Research Advisory

# Ping Identity Agentless Integration Kit Reflected Cross-site Scripting (XSS) # Link: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190305-01_Ping_Identity_Agentless_Integration_Kit_Reflected_XSS ## Vulnerability Overview ## Ping Identity Agentless Integration Kit before

[FD] [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)

2018-10-11 Thread SBA Research Advisory

# Teltonika RUT9XX Reflected Cross-Site Scripting (XSS) # Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting ## Vulnerability Overview ## Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting v

[FD] [SBA-ADV-20180319-02] CVE-2018-17534: Teltonika RUT9XX Missing Access Control to UART Root Terminal

2018-10-11 Thread SBA Research Advisory

# Teltonika RUT9XX Missing Access Control to UART Root Terminal # Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_Teltonika_Incorrect_Access_Control ## Vulnerability Overview ## Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal

[FD] [SBA-ADV-20180319-01] CVE-2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection

2018-10-11 Thread SBA Research Advisory

# Teltonika RUT9XX Unauthenticated OS Command Injection # Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection ## Vulnerability Overview ## Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticate

[FD] : CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin

2015-11-24 Thread SBA Research Advisory

### RXTEC_20150513 Title: SQL injection vulnerability in the RXTEC RXAdmin Login Page allows remote attackers to execute arbitrary SQL commands via several HTTP parameter. Type of vulnerability: SQL injection # Attack outcome: It is possible to extract all information from the dat

[FD] : CVE-2015-8299 RCE Vulnerability in the KNX management software ETS

2015-11-24 Thread SBA Research Advisory

Title: Remote code execution vulnerability in the KNX management software ETS Category/Abstract: Buffer overflow vulnerability Product: ETS (Engineering Tool Software) Affected versions: * ETS 4.1.5 (Build 3246) *no other versions tested* Fixed in version: *unknown*

[FD] CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability

2015-11-24 Thread SBA Research Advisory

Title: Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges. Type of vulnerability: Privilege Escalation # Exploitation vector: local # Attack outcome: Code execution with SYSTEM privileges. Impact: CVS

[FD] [SBA-ADV-20190305-01] CVE-2019-13564: Ping Identity Agentless Integration Kit <1.5 Reflected Cross-site Scripting (XSS)

[FD] [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)

[FD] [SBA-ADV-20180319-02] CVE-2018-17534: Teltonika RUT9XX Missing Access Control to UART Root Terminal

[FD] [SBA-ADV-20180319-01] CVE-2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection

[FD] : CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin

[FD] : CVE-2015-8299 RCE Vulnerability in the KNX management software ETS

[FD] CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability

7 matches

Site Navigation

Mail list logo

Footer information