A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NXorux Lpar2rrd
APPXorux7.21 – 7.30 (bez)Xorux Stor2rrd
APPXorux7.21 – 7.30 (bez)
Powiązane podatności
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell ...
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sa...
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file...