Research
Uniview NVR reflected cross-site scripting | CVE-2024-3850*
Uniview IP camera NVR301-* systems are vulnerable to reflected cross-site scripting via paths under LAPI. The original CVE stated that only authenticated pages were affected; further testing revealed that additional, unauthenticated endpoints were vulnerable as well.
CVE-2024-3850 has been updated via CISA to reflect the additional scope and a raised CVSS score.
a360inc CaseAware reflected cross-site scripting | CVE-2024-25669
a360inc CaseAware 23.07.0.1688663266 allows reflected XSS via the 'usr' parameter.
This is either a regression or an incomplete fix of the issue reported in CVE-2017-5631.
a360inc CaseAware mod_negotiation abuse | CVE-2024-25670
a360inc CaseAware 23.07.0.1688663266 allows remote attackers to obtain sensitive information about file and directory names because its Apache HTTP Server uses mod_negotiation with the MultiViews option enabled: requesting an extension-less path with an Accept header no variant can satisfy makes Apache answer 406 Not Acceptable and list the candidate files on disk.
Aruba HPE5140 Switch ████ ████████ | CVE-2023-TBD | 0Day
Aruba switch HPE5140 is vulnerable to an ████ ████████ ██ ███ ██████████████ ████ ███ ███ ████ █████████.
Aruba responded that this is a "hardening issue" and, for the time being, released a mitigation bulletin at:
https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjE0NjMw;notificationCategory=Product
GeoVision ASManager local file inclusion | CVE-2022-46070
ASManager by GeoVision is vulnerable to local file inclusion in versions at or below 6.0.1.0. The service runs with elevated privileges, which allows retrieval of any protected file on the host.
GeoVision was quick to respond and pushed a fix in beta 6.0.1B.0, with a production release planned for 6.0.2.0.
Stackify prefix ████████ ███ | CVE-2022-TBD | 0Day
Prefix (3.0.28) by Stackify is vulnerable to a ██████████ ███ █████ ██████ ██████ █████████ ██████████ █████████.
Netreo responded that a fix is in development but could not share an estimated release date.
Aruba HPE2810 switch ████████ ███ | CVE-2022-TBD | 0Day
Aruba switch HPE2810 is vulnerable to a ██████████ ███ █████████████ ████████ ███████ ████████.
Aruba responded that the product is EOL and will not release a fix. It is recommended to upgrade the switches or to disable the web interface via:
> conf t
> no web-management
Juniper Junos OS ████ █████████ | CVE-2021-TBD | 0Day
An ███████████████ ████ ███ ██████ █████████ ████████ ███████ ███ ████.
Juniper responded that the affected product (J-Web 18.2A1) reaches EOL within 6 months and that no fix will be released.
Fortiweb ████████ ██████████ ███ | CVE-2021-TBD | 0Day
FortiWeb internal web application ██ ██████████ █ ██████████ ██████████ █████████. ███ ███ ████ █████ ███████████ ██ █████ ███ ████████ ██ ██ █████████████ ███████ █████ ██ ████████.
Fortinet responded that the product (6.3.10) had an incomplete patch and is working on releasing a fix.
Permission enforcement over websockets is not thoroughly checked, which allows an unprivileged 'user' to obtain data accessible only to 'admin'.
CRK Business Platform is vulnerable to reflected XSS via erro.aspx through the 'CRK', 'IDContratante', 'Erro', or 'Mod' parameters.
CRK Business Platform is vulnerable to SQL injection on any path that accepts the 'strSessao' parameter.
Symantec Data Loss Prevention (DLP) is vulnerable to persistent XSS via the 'name' parameter on /ProtectManager/enforce/admin/senderrecipientpatterns/list.
An unauthenticated user can enumerate the comments of all blog posts by POSTing to /index.php/tools/required/conversations/view_ajax with incrementing 'cnvID' integers.