A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely.
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely.
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10
SEC Consult Vulnerability Lab Security Advisory < 20220609-0 >
=======================================================================
title: Multiple vulnerabilities
product: SoftGuard SNMP Network Management Extension
vulnerable version: SoftGuard Web (SGW) < 5.1.5
fixed version: SoftGuard version 5.1.5 from 2022-06-01
CVE number: CVE-2022-31201, CVE-2022-31202
impact: High…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10
SEC Consult Vulnerability Lab Security Advisory < 20220608-0 >
=======================================================================
title: Stored Cross-Site Scripting & Unsafe Java Deserializiation
product: Gentics CMS
vulnerable version: 5.36.29, see section below
fixed version: 5.40.27, 5.41.15, 5.42.7, 5.43.1 or higher
CVE number: CVE-2022-30981, CVE-2022-30982
impact:…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 10
SEC Consult Vulnerability Lab Security Advisory < 20220607-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Infiray IRAY-A8Z3 thermal camera
vulnerable version: V1.0.957
fixed version: None
CVE number: CVE-2022-31208, CVE-2022-31209, CVE-2022-31210,
CVE-2022-31211
impact: Critical…
Posted by Marco Ivaldi on Jun 10
Dear Full Disclosure,
Find attached a security advisory that details multiple
vulnerabilities we discovered in the zysh shell distributed with some
Zyxel products, including their security appliances.
* Title: Multiple vulnerabilities in Zyxel zysh
* Products: Zyxel firewalls, AP controllers, and APs
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2022-06-07
* CVE Names and Vendor CVSS Scores:
CVE-2022-26531:…
Posted by Moritz Abrell on Jun 10
Advisory ID: SYSS-2022-021
Product: Mitel 6800/6900 Series SIP Phones excluding 6970
Mitel 6900 Series IP (MiNet) Phones
Manufacturer: Mitel Networks Corporation
Affected Version(s): Rel 5.1 SP8 (5.1.0.8016) and earlier
Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165)
MiNet 1.8.0.12 and earlier
Tested Version(s):…
Posted by malvuln on Jun 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan-Banker.Win32.Banbra.cyt
Vulnerability: Insecure Permissions
Description: The malware writes a batch script “.bat” file to c drive
granting change (C) permissions to the authenticated user group. Standard
users can…
Posted by malvuln on Jun 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Cabrotor.10.d
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1243. Attackers who can reach
infected systems can issue commands made up of single characters E.g….
