0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Barco ClickShare XSS / Remote Code Execution / Path Traversal Vulnerabilities

Author

Vincent Ruijter

Risk

[

Security Risk Critical

]

0day-ID

0day-ID-26324

Category

web applications

Date add

14-11-2016

CVE

CVE-2016-3149
CVE-2016-3150
CVE-2016-3151
CVE-2016-3152

Platform

php

CVE-2016-3149 - Remote Code Execution in Barco ClickShare CSC-1 and CSM-1
Affected versions: all versions prior to v01.09.03 (CSC-1) and v01.06.02 (CSM-1).
A remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance.

CVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and CSE-200
Affected versions:  all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200)
A Cross-Site Scripting vulnerability exists within Barco ClickShare's CSC-1 base unit's wallpaper.php due to invalid input and output sanitisation. 

CVE-2016-3151 - Path Traversal in Barco ClickShare CSC-1, CSM-1 and CSE-200
Affected versions: all versions prior to v01.09.03 (CSC-1),  v01.06.02 (CSM-1) and v01.03.02 (CSE-200).
A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. 

CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update
Affected versions: all versions prior to v01.09.03 (CSC-1)
It is possible to download and extract the firmware image of the CSC-1 and obtain the root password.

The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance.

References:
http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009
http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113
https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008

--

Regards,

Vincent Ruijter
Ethical Hacker
Chief Information Security Office
KPN B.V.

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Barco ClickShare XSS / Remote Code Execution / Path Traversal Vulnerabilities

Report Error

Report Error