touch software vulnerabilities
vulnerabilities.aspcode.net
Searching touch software vulnerabilities
Alcatel Speed Touch ADSL modem running firmware
unauthorized
|
KHDSAA132
|
KHDSAA108
|
KHDSBA133
|
attackers
|
KHDSAA134
|
password
|
firmware
|
default
|
Alcatel
|
running
|
remote
|
allows
|
access
|
Speed
|
which
|
blank
|
Touch
|
modem
|
gain
|
ADSL
|
has
|
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
The challenge-response authentication of the EX
challenge-response
|
authentication
|
information
|
privileges
|
KHDSAA134
|
KHDSAA132
|
KHDSAA108
|
attackers
|
computing
|
directly
|
response
|
provided
|
firmware
|
Alcatel
|
through
|
running
|
during
|
device
|
allows
|
EXPERT
|
remote
|
Speed
|
login
|
based
|
Touch
|
gain
|
user
|
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
Alcatel Speed Touch running firmware KHDSAA.108
configurations
|
KHDSAA132
|
KHDSAA108
|
KHDSAA134
|
attackers
|
versions
|
password
|
device's
|
firmware
|
without
|
running
|
through
|
Alcatel
|
remote
|
change
|
allows
|
server
|
Speed
|
which
|
Touch
|
TFTP
|
has
|
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
Alcatel Speed Touch Home ADSL Modem allows remo
attackers
|
service
|
Alcatel
|
remote
|
denial
|
allows
|
cause
|
Touch
|
Speed
|
Modem
|
ADSL
|
Home
|
Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection.
Info Touch Surfnet kiosk allows local users to
authentication
|
accounts
|
Internet
|
repeated
|
attempts
|
deposit
|
Surfnet
|
allows
|
extra
|
local
|
kiosk
|
Touch
|
users
|
time
|
Info
|
into
|
via
|
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
Info Touch Surfnet kiosk allows local users to
CMD_CREDITCARD_CHARGE
|
underlying
|
operating
|
command
|
Surfnet
|
access
|
system
|
allows
|
kiosk
|
Touch
|
local
|
crash
|
users
|
Info
|
via
|
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
Info Touch Surfnet kiosk allows local users to
underlying
|
filesystem
|
Surfnet
|
allows
|
access
|
users
|
Touch
|
kiosk
|
local
|
Info
|
via
|
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
** DISPUTED ** Multiple SQL injection vulnerab
vulnerabilities
|
injection
|
DISPUTED
|
Invision
|
Multiple
|
Power
|
Board
|
SQL
|
** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run."
The Touch Control ActiveX control 2.0.0.55 allo
ActiveX
|
Control
|
Touch
|
The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function.
thttpd on Debian GNU/Linux, and possibly other
distributions
|
start_thttpd
|
arbitrary
|
temporary
|
GNU/Linux
|
possibly
|
symlink
|
create
|
attack
|
allows
|
thttpd
|
Debian
|
other
|
touch
|
users
|
files
|
local
|
file
|
via
|
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an
element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.
Alcatel-Lucent IP-Touch Telephone running OmniP
Alcatel-Lucent
|
daisy-chained
|
Enterprise
|
attackers
|
Telephone
|
IP-Touch
|
default
|
systems
|
enables
|
OmniPCX
|
running
|
access
|
allows
|
switch
|
voice
|
later
|
which
|
VLAN
|
mini
|
gain
|
via
|
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
Software vulnerabilities results 1 to 13 of 13
Page:
1