Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-14852 — Orpak Siteomat: The attack allows for an eavesdropper to capture the communication and decrypt the data.
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data. CVSSv3.1 8.6 (HIGH) · EPSS 69th percentile
CVE-2017-14851 — Orpak Siteomat: A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25.
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass. CVSSv3.1 9.8 (CRITICAL) · EPSS 90th percentile
CVE-2017-14728 — Orpak Siteomat: An authentication bypass was found in an unknown area of the SiteOmat source code.
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile
CVE-2019-6820 — Schneider-electric Modicon_m100_firmware: A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 CVSSv3.1 8.2 (HIGH) · EPSS 53th percentile
CVE-2018-16988 — Buffalo Open_xdmod: An authentication bypass (account takeover) exists due to a weak password reset mechanism.
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2019-11068 — Xmlsoft Libxslt: through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile
impacket 0.9.19
Impacket 0.9.19 release adds significant offensive capabilities including resource-based constrained delegation support in GetST.py, NTLM relay improvements with local admin checks, SMB mount point abuse features, and enhanced credential extraction tools. The release represents incremental but meaningful improvements to a foundational red-team toolkit used extensively in domain compromise chains.
CVE-2019-9201 — Phoenixcontact Ilc_131_eth_firmware: Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile
CVE-2018-17924 — Rockwellautomation Micrologix_1400_firmware: Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the CVSSv3.1 8.6 (HIGH) · EPSS 25th percentile
CVE-2018-19908 — Misp-project Misp: An issue was discovered in MISP 2.4.9x before 2.4.99.
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile
CVE-2018-7798 — Schneider-electric Somachine_basic: A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. CVSSv3.1 8.2 (HIGH) · EPSS 36th percentile
CVE-2018-3885 — Frappe Erpnext: An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6.
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile
CVE-2018-3884 — Frappe Erpnext: An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6.
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile
CVE-2018-3883 — Frappe Erpnext: An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6.
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile
CVE-2018-3882 — Frappe Erpnext: An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6.
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile
CVE-2018-7791 — Schneider-electric Modicon_m221_firmware: The vulnerability allows unauthorized users to overwrite the original password with their password.
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile
CVE-2018-7790 — Schneider-electric Modicon_m221_firmware: The vulnerability allows unauthorized users to replay authentication sequences.
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile
CVE-2018-8859 — Echelon Smartserver_1_firmware: An attacker can bypass the required authentication specified in the security configuration file by
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2018-8855 — Echelon Smartserver_1_firmware: The devices allow unencrypted Web connections by default, and devices can receive configuration and
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. CVSSv3.1 9.8 (CRITICAL) · EPSS 35th percentile
CVE-2018-8851 — Echelon Smartserver_1_firmware: The devices store passwords in plaintext, which may allow an attacker with access to
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. CVSSv3.1 9.8 (CRITICAL) · EPSS 45th percentile
CVE-2018-10627 — Echelon Smartserver_1_firmware: SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile
CVE-2018-12649 — Misp-project Misp: An adversary can bypass the brute-force protection by using a PUT HTTP method instead
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile
CVE-2018-3639 — Intel Atom_c: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVSSv3.1 5.5 (MEDIUM) · EPSS 98th percentile
CVE-2018-11091 — Mybiz Myprocurenet: An issue was discovered in MyBiz MyProcureNet 5.0.0.
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteLi CVSSv3.1 9.9 (CRITICAL) · EPSS 82th percentile
CVE-2018-1273 — Broadcom Spring_data_commons: An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile