1073 matches found
BINOM3 Electric Power Quality Meter (Update A)
CVSS v3 10. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: BINOM3. Equipment: Electric Power Quality Meter. Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery (CSRF), sensitive information stored in clear-text, and weak credentials management...
Information modification vulnerability in multiple Samsung Galaxy devices
The Samsung Galaxy S4 and others are smart mobile devices released by the South Korean company Samsung. The information modification vulnerability exists in Samsung Galaxy S4 to S7 devices and stems from the program's failure to validate BroadcastReceiver responses. An attacker could...
Unauthorized Modification Vulnerability in Samsung Galaxy S4 to S7 Devices
The Samsung Galaxy S4 and others are smart mobile devices released by the South Korean company Samsung. An unauthorized modification vulnerability exists in Samsung Galaxy S4 to S7 devices. The vulnerability stems from the program ignoring security information embedded in OMACP messages. ...
F5 BIG-IP Arbitrary Code Execution Vulnerability
F5 BIG-IP is an all-in-one network device from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. An arbitrary code execution vulnerability exists in the virtual server in the F5 BIG-IP system. When the program is used with the...
BINOM3 Electric Power Quality Meter Cross-Site Request Forgery Vulnerability
The BINOM3 Electric Power Quality Meter is a universal multifunctional power quality monitor. A cross-site request forgery vulnerability exists in BINOM3 Electric Power Quality Meter. Exploitation of this vulnerability could allow unauthorized actions on the device, such as configuration paramete...
AVer Information EH6108H+ hybrid DVR VU authentication bypass vulnerability
The AVer Information EH6108H+ hybrid DVR VU is a hard disk recorder (DVR) product from AVer Information. An authentication bypass vulnerability exists in the AVer Information EH6108H+ hybrid DVR VU. By guessing the web interface/setup page handle parameter, an unauthenticated attacker ma...
CVE-2016-3737
It was discovered that sending a specially crafted HTTP request to the JON server would allow deserialization of that message without authentication. An attacker could use this flaw to cause remote code execution. Mitigation: Apply the configuration changes described in the documentation here: For...
Compal CH7465LG-LC ModemRouter CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Compal CH7465LG-LC modem/router multiple vulnerabilities. The following vulnerabilities are the result of a quick check (3 hours) of the Mercury modem. We...
Compal CH7465LG-LC Modem / Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Exploit for hardware platform in category web applications. Compal CH7465LG-LC modem/router multiple vulnerabilities. The following vulnerabilities are the result of a quick check (3 hours) of the Mercury modem. We performed a systematic and...
Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Compal CH7465LG-LC modem/router multiple vulnerabilities. The following vulnerabilities are the result of a quick check (3 hours) of the Mercury modem. We performed a systematic and deeper evaluation of this device also, which result will be...
Compal CH7465LG-LC Modem / Router Session Management / Command Injection
Compal CH7465LG-LC modem/router multiple vulnerabilities. The following vulnerabilities are the result of a quick check (3 hours) of the Mercury modem. We performed a systematic and deeper evaluation of this device also, which result will be...
CVE-2016-1452
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526...
CVE-2016-1452
Cisco ASR 5000 Series devices running software 18.3–20.0.0 are affected by CVE-2016-1452. The issue stems from an SNMP read-write community string that is not confidential, enabling remote attackers to read/modify device configuration and perform changes over SNMP. The vulnerability is fixed in C...
Vulnerability in the Firefox browser that allows a malicious actor to compromise the integrity and accessibility of protected information
The vulnerability exists in Mozilla Firefox due to an incorrect limitation on event handling, which replaces events related to configuration changes. Exploiting this vulnerability allows malicious actors to remotely alter the positions of icons on the user interface by using specially crafted...
Cisco EPC 3928 - Multiple Vulnerabilities
Title: Cisco EPC 3928 Multiple Vulnerabilities; Vendor: http://www.cisco.com/; Vulnerable Versions: Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway; CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337...
CVE-2016-4501
Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors...
Authentication flaw
Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors...
Cisco TelePresence XML API HTTP Request Handling Authentication Bypass (cisco-sa-20160504-tpxml)
The remote host is running a version of Cisco TelePresence Codec (TC) that is 7.2.x prior to 7.3.6 or a version of Cisco Collaboration Endpoint (CE) software that is 8.x prior to 8.1.1. It is, therefore, affected by an authentication bypass vulnerability in the XML application programming interface (API) ...