Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34876 PUBLISHED: 2022-07-05
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or mak...
CVE-2022-34877 PUBLISHED: 2022-07-05
SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavail...
CVE-2022-34878 PUBLISHED: 2022-07-05
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and bec...
CVE-2022-34879 PUBLISHED: 2022-07-05
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
CVE-2022-31770 PUBLISHED: 2022-07-05
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
User Rank: Apprentice
8/28/2018 | 3:15:38 AM
LoRaWAN uses very poor security using symmetric keys when asymmetric in hardware is required.
Massive IoT systems have been deployed all over the world using this very poor security.
Cloning is easy and the current system does not know the difference.
TTN forum people could not understand what I was showing them, all fools.
I told the VP of Semtech about this and they sent me £2000 of kit to test.
LoRaWAN security design is broken, but they all don't want to talk about it.
I think the NSA told LoRaWAN design team, they must have access to all IoT devices & AES keys.
So now they have a database of AES keys!
I told them no one in security stores AES keys in a database.
I pointed to SAML11 for their education and the 508a/608a from Microchip.
Now most people using LoRaWAN think it's safe as they are all sheep.
They all trust software security far too much, like idiots they all are.
If only a BLACK HAT researcher would look into LoRaWAN security!
I have only 30 years experience under my belt, I used to work for bank security also.