18 matches found
EUVD-2019-4591
Malware in sbrugna...
EUVD-2019-4590
Malware in sbrugna...
CVE-2019-13021
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...
CVE-2019-13022
Bond JetSelect all versions has an issue in the Java class ENCtool.jar and corresponding password generation algorithm used to set initial passwords upon first installation. It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be...
CVE-2019-13023
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to chan...
Unspecified Vulnerability in Bond Technology Management JetSelect
Bond Technology Management JetSelect is an application for managing IP and networks on board. An unspecified vulnerability exists in Bond Technology Management JetSelect. An attacker could exploit this vulnerability to obtain user credentials via the Developer tool or similar...
Unspecified Vulnerability in Bond Technology Management JetSelect (CNVD-2020-29622)
Bond Technology Management JetSelect is an application for managing IP and networks on board ships from Bond Technology Management in Cyprus. An unspecified vulnerability exists in Bond Technology Management JetSelect. An attacker could use this vulnerability to obtain the password of the JetSele...
Unspecified Vulnerability in Bond Technology Management JetSelect (CNVD-2020-29621)
Bond Technology Management JetSelect is an application for managing IP and networks on board ships from Bond Technology Management in Cyprus. An unspecified vulnerability exists in Bond Technology Management JetSelect, which arises from the administrator password being stored in an unprotected fi...
CVE-2019-13021
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...
CVE-2019-13022
Bond JetSelect all versions has an issue in the Java class ENCtool.jar and corresponding password generation algorithm used to set initial passwords upon first installation. It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be...
CVE-2019-13023
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to chan...
Design/Logic Flaw
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...
CVE-2019-13023
An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to chan...
CVE-2019-13023
Bond JetSelect (all versions) exposes credentials through the web UI: RADIUS secrets, WPA passwords, and SNMP strings hidden with HTML password-field obfuscation can be revealed by using browser Dev Tools to modify the obfuscation. The root cause is client-side password masking rather than server...
CVE-2019-13022
Bond JetSelect (all versions) has a vulnerability in ENCtool.jar password generation where the plaintext password is XORed into an “encrypted” value stored in the database, making the initial admin passwords trivially reversible and enabling privilege escalation to modify/delete networking config...
CVE-2019-13022
Bond JetSelect all versions has an issue in the Java class ENCtool.jar and corresponding password generation algorithm used to set initial passwords upon first installation. It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be...
CVE-2019-13021
Bond JetSelect (all versions) stores administrator passwords in an unprotected filesystem file ( /opt/JetSelect/SFC/resources/sfc-general-properties ), instead of encrypting them in the database. The passwords are created via ENCtool.jar during installation and backed up by the installer, enablin...
CVE-2019-13021
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...