101 matches found
The vulnerabilities of Schneider Electric’s automation controllers with microprogrammed software, such as C-Bus (LSS5500NAC), Wiser for C-Bus (LSS5500SHAC), Clipsal C-Bus (5500NAC), Clipsal Wiser for C-Bus (5500SHAC), and SpaceLogic C-Bus (5500NAC2), SpaceLogic C-Bus (5500AC2), are related to errors during authentication procedures. These vulnerabilities allow attackers to gain full access to the devices.
The vulnerabilities of Schneider Electric’s automation controllers—C-Bus LSS5500NAC, Wiser for C-Bus LSS5500SHAC, Clipsal C-Bus 5500NAC, Clipsal Wiser for C-Bus 5500SHAC, and SpaceLogic C-Bus 5500NAC2, 5500AC2—are related to authentication process errors. Exploiting these vulnerabilities can allo...
FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd
Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization CWE-362 and one of authentication bypass by capture-replay CWE-294, may allow a remote unauthenticated attacker to...
Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers
Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses CV...
VMSA-2021-0010:VMware vCenter Server updates address remote code execution and authentication vulnerabilities
Advisory ID: VMSA-2021-0010 CVSSv3 Range: 6.5-9.8 Issue Date:2021-05-25 Updated On: 2021-05-25 Initial Advisory CVEs: CVE-2021-21985, CVE-2021-21986 Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities CVE-2021-21985, CVE-2021-21986 RSS Feed...
The vulnerabilities of Trend Micro Vulnerability Protection and Trend Micro Deep Security Manager, related to authentication deficiencies, allow attackers to enhance their privileges.
The vulnerabilities of Trend Micro Vulnerability Protection and Trend Micro Deep Security Manager are related to authentication deficiencies. Exploiting these vulnerabilities can allow attackers, operating remotely, to increase their privileges...
Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2020-1146)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple iOS < 13.0 Multiple Vulnerabilities
Binary data appleios130check.nbin...
MGASA-2019-0266 Updated squid packages fix security vulnerabilities
Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...
Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'
LAS VEGAS – Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications – including Apple’s FaceID. But there is a catch. Doing so requires the victim to be out cold. Researchers on...
Joomla! 3.1.x < 3.8.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0...
Hanging Up on Mobile in the Name of Security
An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like the...
Phoenix Contact ILC PLC Authentication Vulnerabilities
OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...
MS16-101: Security update for Windows authentication methods: August 9, 2016
Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.Important This article contains information that shows you how to help lower security settings or how to turn off security features on a...
RHEL 5 : samba (RHSA-2016:0621) (Badlock)
An update for samba is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
CareFusion Pyxis SupplyStation System Vulnerabilities
OVERVIEW Independent researcher Billy Rios identified authentication vulnerabilities in CareFusion’s Pyxis SupplyStation system. CareFusion has implemented additional controls to mitigate some of these vulnerabilities in the SupplyStation system. Some of the reported vulnerabilities could be...
Accuenergy Acuvim II Authentication Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 2, 2014, and is being released to the ICS-CERT web site. Independent researcher Laisvis Lingvevicius has identified two authentication vulnerabilities within the Accuenergy AXM-NET Ethernet module’s web...
CVE-2014-4614
Multiple cross-site request forgery CSRF vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the 1 pwg.groups.addUser, 2 pwg.groups.deleteUser, 3 pwg.groups.setInfo, 4 pwg.users.setInfo, 5 pwg.permissions.add, or 6...
Siemens Fixes Authentication Bugs in Scalance X-200 Switches
Researchers have discovered two serious vulnerabilities in industrial Ethernet switches manufactured by Siemens that could enable attackers to perform unauthorized actions on the switches without authentication. One of the bugs allows attackers to hijack Web sessions and the other enables them to...
Mobile Security Woes Go Beyond Malicious Apps
If, like most Americans, you’ve developed an attachment to your mobile phone that borders on the unnatural and have a hard time going 11 seconds without checking email or texts, you’d do well not to attend a talk by Zach Lanier and Mike Zusman anytime soon. The pair discussed a variety of...
CVE-2004-2210
Multiple cross-site scripting XSS vulnerabilities in Express-Web Content Management System CMS allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the 1 n, 2 b, 3 e, or 4 a parameters to default.asp, 5 the Referer header in an HTTP reque...