
Posts

Featured

[EndRun] - NTP servers - Nonauthenticated XSS Reflected [ CVE-2023-38967 ]

EndRun Technologies is dedicated to the development and refinement of the technologies required to fulfill the demanding needs of the time and frequency community.

EndRun NTP servers present vulnerabilities that allow an unauthenticated attacker to inject malicious JavaScript code (Cross-site Scripting - XSS).

Requirements:
- Authenticated
- HTTPS
- Accessible from the internet

Affected Devices:
- Tempus LX CDMA Network Time Server
- Sonoma Network Time Server GPS-Synchronized
- RTM3205 Precision Timing Module
- Meridian II 2U Precision TimeBase
- Unison CDME Network Time Server

Affected Components:
- ftp_linux_wait.php - Parameter [ login_name ]
- reboot.php - Parameters [ user & pass ]

CVE: CVE-2023-38967

By: @Linuxmonr4

Most recent posts

[EndRun Technologies] - Multiple Unauthenticated RCE [ CVE-2023-38966 ]

[GOCLOUD] - RCE in Gocloud Routers (authenticated) - (CVE-2020-8949)

[TimeTools] - SR / SC Series Network Time Protocol Server - RCE - (CVE-2020-8963 | CVE-2020-8964)

[Symmetricom] SyncServer S100/S200/S250/S300/S350 - User Creation/Modification/Deletion - Not authenticated - (CVE-2020-9034)

[Symmetricom] SyncServer S100/S200/S250/S300/S350 - Stored XSS - Not authenticated - (CVE-2020-9028)

[Symmetricom] SyncServer S100/S200/S250/S300/S350 - Path Traversal - (CVE-2020-9029/CVE-2020-9030/CVE-2020-9031/CVE-2020-9032/CVE-2020-9033)

[ELTEX] - Devices NTP-RG-1402G & NTP-2 - OS command Injection - (CVE-2020-9026/CVE-2020-9027)