ACSA-2015-002 | Pre-auth Remote Command Execution/Injection (RCE/RCI) in the web interface can allow attackers to effectively gain root (webserver user) access on the device |
ACSA-2015-001 | a) pre-auth Remote Command Execution/Injection (RCE/RCI), effectively gaining root (webserver user) on the device; a*) "web non-admin" authenticated user Remote Command Execution/Injection (RCE/RCI), effectively gaining root (webserver user) on the device; b) pre-auth Cross-Site Scripting (XSS); b*) "web non-admin" authenticated user Cross-Site Scripting (XSS) |
CVE-2013-6362 | Hard-coded FTP and shell user account password in certain Xerox ColorQube and WorkCentre devices | XRX13-008
CVE-2013-5638 | Transcend WiFiSD Multiple Vulnerabilities in web-server (persistent XSS, clear text sensitive info) | -
CVE-2013-5637 | PQI AirCard Multiple Vulnerabilities in web-server (persistent XSS, clear text sensitive info) | -
CVE-2013-6276 | Multiple 'authorized_keys' entries in multiple QNAP products | -
CVE-2013-6277 | Multiple 'authorized_keys' entries in multiple QNAP products | -
CVE-2013-6360 | Trendnet TS-S402 Backdoor telnet enabling page | -
CVE-2013-5652 | Multiple DVR/CCTV/IPcam Manufacturers web interface admin-level hardcoded 'backdoor' - Hunt, Huntelec plus around 40 vendors customizing Hunt products | -
CVE-2013-1391 | Multiple DVR/CCTV/IPcam Manufacturers Configuration Disclosure - Original CVE-2013-1391 extended to Hunt, Huntelec plus around 40 vendors customizing Hunt products | -
- | DLink Telnet access via hardcoded Alphanetworks and image_sign | -
- | Unauthenticated packet injection, replay in __omitted__'s wireless firing system | -