Archive for July, 2021

Dell OpenManage Enterprise Hardcoded Credentials / Privilege Escalation / Deserialization

Posted by deepcore under exploit (No Respond)

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation issues, weak permissions, authentication bypass, and other vulnerabilities.

KevinLAB BEMS 1.0 Undocumented Backdoor Account

Posted by deepcore under exploit (No Respond)

KevinLAB BEMS version 1.0 has an undocumented backdoor account. The sets of credentials are never exposed to the end user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system […]

KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass

Posted by deepcore under exploit (No Respond)

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL injection vulnerability. Input passed through the input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure

Posted by deepcore under exploit (No Respond)

KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Apple Under Pressure Over iPhone Security After NSO Spyware Claims

Posted by deepcore under exploit (No Respond)

[webapps] CSZ CMS 1.2.9 – 'Multiple' Arbitrary File Deletion

Posted by deepcore under Security (No Respond)


[webapps] KevinLAB BEMS 1.0 – File Path Traversal Information Disclosure (Authenticated)

Posted by deepcore under Security (No Respond)


[webapps] KevinLAB BEMS 1.0 – Unauthenticated SQL Injection / Authentication Bypass

Posted by deepcore under Security (No Respond)


[remote] KevinLAB BEMS 1.0 – Undocumented Backdoor Account

Posted by deepcore under Security (No Respond)


http://www.takesa1.go.th

Posted by deepcore under defacement (No Respond)

http://www.takesa1.go.th notified by Salman Hacker
