1/4/2023

Twonky server 8.5 serial

Title: DDIVRT-2012-40 PacketVideo TwonkyServer and TwonkyMedia Directory Traversal

Discovered By: Digital Defense, Inc. Vulnerability Research Team

Credit:

Description: Multiple PacketVideo products contain a directory traversal vulnerability within the web server that is running on port 9000. These products are vulnerable to the attack regardless of having configured the "Secured Server Settings" which are available on the Advanced configuration page.

Title: DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal

Discovered By: Digital Defense, Inc. Vulnerability Research Team

Credit: shmoov and

Description: The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.

Solution Description: The production of the cameras employing this version of the ACTi Web Configurator has been discontinued. However, a firmware upgrade which addresses the issue is available for download from the ACTi support team. Please contact the ACTi support team to retrieve the firmware upgrade and instructions on how to apply the changes.

Tested Systems / Software (with versions): ACTi Web Configurator 3.0 - camera version unknown

Title: DDIVRT-2012-45 SolarWinds Network Performance Monitor Blind SQL Injection

Discovered By: Digital Defense, Inc. Vulnerability Research Team

Credit:

Description: The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw on the 'Login.asp' page. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL injection exploitation techniques. This vulnerability applies to installations that have been upgraded from version 9.1 or prior. Fresh installations and migrations starting with version 9.5 do not contain this vulnerability.

Solution Description: SolarWinds has addressed the issue in releases subsequent to and including version 9.5 and has provided the following options to resolve the issue:

- Upgrade to the latest version of Network Performance Monitor.
- Manually delete the 'Login.asp' page from the vulnerable installation – the vulnerable page has not been used for several versions but does not get removed through the application of upgrades.

Please contact SolarWinds support for assistance in addressing the issue.

Tested Systems / Software (with versions): SolarWinds Orion Network Performance Monitor 9.1