Skip to content

Instantly share code, notes, and snippets.

CyberSKR

Block or report user

Report or block CyberSKR

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@CyberSKR
CyberSKR / CVE-2018-19394.md
Created Mar 15, 2019
CVE-2018-19394: The Cobham Satcom Sailor 800 and Sailor 900 devices contained a persistent Cross Site Scripting (XSS) vulnerability.
View CVE-2018-19394.md

CVE-2018-19394

Suggested description
The Cobham Satcom Sailor 800 and Sailor 900 devices contained a persistent Cross Site Scripting (XSS) vulnerability, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (E.g. Satellite name), and then restoring the malicious configuration file.


Vulnerability Type
Cross Site Scripting (XSS)

@CyberSKR
CyberSKR / CVE-2018-19393.md
Created Mar 15, 2019
CVE-2018-19393: The Cobham Satcom Sailor 800 and Sailor 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file.
View CVE-2018-19393.md

CVE-2018-19393

Suggested description
The Cobham Satcom Sailor 800 and Sailor 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.


Vulnerability Type
Incorrect Access Control

@CyberSKR
CyberSKR / CVE-2018-19392.md
Last active Mar 15, 2019
CVE-2018-19392: The Cobham Satcom Sailor 250 and Sailor 500 devices contained an unauthenticated password reset vulnerability. This could allow them to modify any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector.
View CVE-2018-19392.md

CVE-2018-19392

Suggested description
The Cobham Satcom Sailor 250 and Sailor 500 devices contained an unauthenticated password reset vulnerability. This could allow them to modify any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector.


Vulnerability Type
Incorrect Access Control

@CyberSKR
CyberSKR / CVE-2018-19391.md
Last active Mar 15, 2019
CVE-2018-19391: The Cobham Satcom Sailor 250 and Sailor 500 devices contained a persistent Cross Site Scripting (XSS) vulnerability, which could be exploited by an unauthenticated threat actor.
View CVE-2018-19391.md

CVE-2018-19391

Suggested description
The Cobham Satcom Sailor 250 and Sailor 500 devices contained a persistent Cross Site Scripting (XSS) vulnerability, which could be exploited by an unauthenticated threat actor.


Vulnerability Type
Cross Site Scripting (XSS)

@CyberSKR
CyberSKR / CVE-2018-16705.md
Last active Sep 10, 2018
CVE-2018-16705 - The Furuno Felcom250 and Felcom500 devices allowed unauthenticated access to an XML file containing all of the system's usernames and passwords.
View CVE-2018-16705.md

CVE-2018-16705

Suggested description
The Furuno Felcom250 and Felcom500 devices allowed unauthenticated access to an XML file containing all of the system's usernames and passwords. This included the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.


Vulnerability Type
Cleartext Password Disclosure

@CyberSKR
CyberSKR / CVE-2018-16591.md
Last active Sep 10, 2018
CVE-2018-16591 - The Furuno Felcom250 and Felcom500 devices allowed unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SIM" panel.
View CVE-2018-16591.md

CVE-2018-16591

Suggested description
The Furuno Felcom250 and Felcom500 devices allowed unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel.


Vulnerability Type
Incorrect Access Control

@CyberSKR
CyberSKR / CVE-2018-16590.md
Last active Sep 10, 2018
CVE-2018-16590 - The Furuno Felcom250 and Felcom500 devices were found to perform authentication only on the client-side via the use of JavaScript.
View CVE-2018-16590.md

CVE-2018-16590

Suggested description
The Furuno Felcom250 and Felcom500 devices were found to perform authentication only on the client-side via the use of JavaScript.


Vulnerability Type
Incorrect Access Control

@CyberSKR
CyberSKR / CVE-2018-11543.md
Last active Sep 6, 2018
CVE-2018-11543 - A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector.
View CVE-2018-11543.md

CVE-2018-11543

Suggested description
A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector.


VulnerabilityType Other
Local File Inclusion (LFI)

@CyberSKR
CyberSKR / CVE-2018-11542.md
Last active Sep 6, 2018
CVE-2018-11542 - A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector.
View CVE-2018-11542.md

CVE-2018-11542

Suggested description
A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector.


VulnerabilityType Other
Remote Command Execution (RCE)

@CyberSKR
CyberSKR / CVE-2018-11541.md
Last active Sep 6, 2018
CVE-2018-11543 - A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector.
View CVE-2018-11541.md

CVE-2018-11541

Suggested Description
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector.


Vulnerability Type
Incorrect Access Control

You can’t perform that action at this time.