0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
URVE Software Build 24.03.2020 Missing Authorization Vulnerability
Author
Risk
![](/img/risk/critlow_3.gif)
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
URVE Software Build 24.03.2020 Missing Authorization Vulnerability Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Version(s): Build "24.03.2020" Tested Version(s): Build "24.03.2020" Vulnerability Type: Missing Authorization (CWE-862) Risk Level: High Solution Status: Open Manufacturer Notification: 2020-11-10 Solution Date: 2020-11-18 Public Disclosure: 2020-12-23 CVE Reference: CVE-2020-29551 Authors of Advisory: Erik Steltzner, SySS GmbH Christoph Ritter, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: URVE is a system for reserving rooms which also provides a web interface with event scheduler. The manufacturer describes the product as follows (see [1] and [2]): 'Booking rooms on touchscreen and easy integration with MS Exchange, Lotus, Office 365, Google Calendar and other systems. Great looking schedules right at the door. Fight conference room theft with our 10" touchscreen wall-mounted panel.' 'Manage displays, edit playlists and HTML5 content easily. Our server can be installed on any Windows and works smoothly from web browser.' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: It is possible to access many different files without authentication in an unauthorized way. These files are partly PHP scripts which can potentially cause damage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): Using the following path, it is possible to shut down the system: _internal/pc/shutdown.php Among others, the following files and scripts are also accessible: _internal/pc/abort.php _internal/pc/restart.php _internal/pc/vpro.php _internal/pc/wake.php _internal/error_u201409.txt _internal/runcmd.php _internal/getConfiguration.php ews/autoload.php ews/del.php ews/mod.php ews/sync.php utils/backup/backup_server.php utils/backup/restore_server.php MyScreens/timeline.config kreator.html5/test.php addedlogs.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: When processing a request, it should be checked whether the requesting actor is authorized to access the resource. # 0day.today [2024-07-04] #