Vulnerabilities for 'Open xdmod'

2019-05-02
 
CVE-2018-16988

CWE-640
 

 
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.

 
 
CVE-2018-16961

CWE-22
 

 
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.

 
 
CVE-2018-16960

CWE-79
 

 
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has reflected XSS via the xd_user_formal_name parameter.

 



Copyright 2024, cxsecurity.com

 
