66 matches found
CVE-2019-25279
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without...
CVE-2019-25279
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without...
CVE-2019-25278
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...
CVE-2019-25277
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
CVE-2019-25277
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
CVE-2019-25278
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...
iWT FaceSentry Access Control System 安全漏洞
iWT FaceSentry Access Control System is a face recognition access control system from China's iWT Corporation. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which originates from the transmission of authentication credentials in clear text and could lead t...
iWT FaceSentry Access Control System 跨站脚本漏洞
iWT FaceSentry Access Control System is a face recognition access control system from the Chinese company iWT. A cross-site scripting vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from unvalidated input of the msg parameter in the pluginInstall.php file,...
iWT FaceSentry Access Control System 安全漏洞
iWT FaceSentry Access Control System is a face recognition access control system from the Chinese company iWT. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which originates from storing passwords in clear text and could lead to credential disclosure...
CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
CVE-2019-25277 FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
CVE-2019-25279 FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without...
CVE-2019-25279 FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without...
CVE-2019-25279
The CVE-2019-25279 entry applies to the FaceSentry Access Control System version 6.4.8. The vulnerability stems from cleartext password storage inside the device’s SQLite database, allowing an attacker to read credentials directly from /faceGuard/database/FaceSentryWeb.sqlite without authenticati...
CVE-2019-25278
FaceSentry Access Control System 6.4.8 is vulnerable to a cleartext transmission issue that enables remote attackers to perform MiTM attacks and intercept authentication credentials (e.g., HTTP cookie data) during network communications. The vulnerability stems from transmitting credentials in cl...
CVE-2019-25278 FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...
PT-2026-1677
Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System stores passwords in cleartext within the device’s SQLite database. This allows attackers to access unencrypted credentials directly from the...
PT-2026-1676
Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is susceptible to a cleartext transmission issue. This allows remote attackers to intercept authentication credentials through man-in-the-middle...
PT-2026-1675
Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is affected by a cross-site scripting issue in the msg parameter of the pluginInstall.php file. This allows attackers to inject malicious scripts...
CVE-2019-25242
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...