153 matches found
SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Riptide RG-WALL-160S Firewall
RG-WALL 160S is a 100 Gigabit firewall product launched by Ruijie Network. The RG-WALL-160S firewall has a SNMP protocol community string authentication privilege bypass vulnerability. It allows an attacker to bypass SNMP access control by utilizing arbitrary strings or integer values to write...
Huawei LogCenter Denial of Service Vulnerability
Huawei LogCenter is a set of log management software from Huawei, China. A denial of service vulnerability exists in Huawei LogCenter version V100R001C10, which stems from the program's lack of legitimacy checking of incoming device information data. An attacker can exploit this vulnerability to...
JVN#08868688: The installers of multiple Japan Pension Service software may insecurely load Dynamic Link Libraries
The installers of multiple Japan Pension Service software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerability is exploited, an arbitrary code m...
Huawei UMA suffers from command line injection vulnerability (CNVD-2016-06968)
Huawei UMA Unified Maintenance Audit is a unified audit system. It provides a unified O&M operation portal, controls and records O&M operations performed by users, and supports auditing by command view and video playback. A command execution vulnerability exists in Huawei UMA. As the system does...
Siemens SIPROTEC 4 and SIPROTEC Information Disclosure Vulnerability
Siemens SIPROTEC 4 is a family of multifunctional relays; SIPROTEC Compact is a microcomputer protection device in which EN100 is a multi-format encoder module. An information disclosure vulnerability exists in the integrated web server of SIPROTEC 4 and SIPROTEC Compact. A remote attacker with...
Apple Transparency Report Government Requests for Data
Apple’s latest transparency report published on Wednesday shows a big increase in the number of law enforcement and government requests for account and device data. Publication of the report comes on the heels of the latest chapter in the Apple-FBI tussle over encryption and privacy. Tuesday’s...
Vulnerabilities of iOS and Mac OS X operating systems, which allow attackers to gain access to the protected information in the memory structure
The vulnerability of the IOHIDFamily component in iOS and Mac OS X operating systems is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to the protected memory structure through a specially created application...
Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net
Recently, the BLUE BOX company's security researchers found: RSA 2 0 1 6 The General Assembly on the use of badge scanning APP there is a hard-coded default passwords. This year, RSA 2 0 1 6 The participants will get a unique surprise: the General Assembly, as many manufacturers offer a Samsung...
The vulnerability of the Cisco IOS operating system, which allows a intruder to trigger a service failure
The vulnerability of the PRE module of the Cisco IOS operating system is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by triggering errors during data exchange between devices...
[IPhone Analyzer] IPhone Forensics Tool
iPhone Analzyer allows you to forensically examine or recover date from in iOS device. It principally works by importing backups produced by iTunes or third party software, and providing you with a rich interface to explore, analyse and recover data in human readable formats. Because it works fro...
Another Master Key vulnerability discovered in Android 4.3
Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called "Android Master Key vulnerability" that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be us...
Code injection
The management interface in the Central Software component in Cisco Unified Computing System UCS does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683...
HTC Working on a Fix for Data Leak Problem
Officials at mobile handset maker HTC said they are working on a patch to fix a problem with many of its Android devices that enables any app with Internet permissions to access a large cache of user and device data that a proprietary tool called HTCLoggers collects. The company said on Monday th...