
569 matches found

Packet Storm
added 2019/06/24 12:0 a.m. | 262 views

FortiCam FCM-MB40 Code Execution / Privilege Escalation

Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/ Background In March of 2019 I discovered five vulnerabilities in Fortinet's FortiCam FCM-MB401 product. Part-way through disclosing this vulnerability, I discovered that the FCM-MB40 is manufactured by a company called Dynacolo...

AI score 0.6
Exploits 0

Cvelist
added 2019/05/22 6:12 p.m. | 21 views

CVE-2019-5627 BlueCats Reveal iOS App Insecure Storage

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The...

CVSS 2.8 | AI score 7.4 | EPSS 0.00351
Exploits 1 | References 2

Cvelist
added 2019/05/22 6:11 p.m. | 20 views

CVE-2019-5626 BlueCats Reveal Android App Insecure Storage

The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats networ...

CVSS 2.8 | AI score 7.6 | EPSS 0.00351
Exploits 1 | References 2

Cvelist
added 2019/05/22 6:11 p.m. | 27 views

CVE-2019-5625 Eaton Halo Home Android App Insecure Storage

The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by...

CVSS 2.8 | AI score 6.9 | EPSS 0.00411
Exploits 1 | References 2

NVD
added 2019/04/22 9:29 p.m. | 12 views

CVE-2019-11384

The Zalora application 6.15.1 for Android stores confidential information insecurely on the system i.e. plain text, which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/sharedprefs/logindata.xml...

CVSS 9.8 | AI score 9.1 | EPSS 0.00993
Exploits 1 | References 1

Cvelist
added 2019/04/22 8:57 p.m. | 16 views

CVE-2019-11384

The Zalora application 6.15.1 for Android stores confidential information insecurely on the system i.e. plain text, which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/sharedprefs/logindata.xml...

AI score 9.1 | EPSS 0.00993
Exploits 1 | References 1

ThreatPost
added 2019/04/15 3:24 p.m. | 83 views

Authentication Bypass Bug Hits Top Enterprise VPNs

UPDATE VPN apps built by four vendors — Cisco, F5 Networks, Palo Alto Networks and Pulse Secure — improperly store authentication tokens and session cookies without encryption on a user’s computer, according to an alert from the U.S. government’s Cybersecurity and Infrastructure Security Agency...

CVSS 7.5 | AI score 5.4 | EPSS 0.01699
Exploits 0 | References 12

SonicWall
added 2019/04/12 8:17 p.m. | 8 views

Multiple VPN applications insecurely store session cookies

Research from the Software Engineering Institute at Carnegie Mellon University shows that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CVE: CVE-2019-1573 CVE-2016-8201 Last updated: April 12, 2019, 8:17 p.m...

CVSS 5.7 | AI score 6.9 | EPSS 0.00466
Exploits 0

CERT
added 2019/04/11 12:0 a.m. | 100 views

VPN applications insecurely store session cookies

Overview: Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files. Description: Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications stor...

CVSS 8.1 | AI score 4.5 | EPSS 0.02822
Exploits 0 | References 5

Hacker One
added 2019/02/20 12:0 a.m. | 26 views

Versa Networks: Passwords Stored Insecurely

In Versa Director, Versa Analytics and VOS, passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgard construction such as MD5 and SHA-1 alone are insufficient in thwarting password...

CVSS 2.1 | AI score 3.3 | EPSS 0.00216
Exploits 0

Hacker One
added 2019/01/30 7:12 a.m. | 304 views

Mail.ru: Insecure Storage and Overly Permissive Google Maps API Key in Android App

Google API keys used in Cloud Mail.Ru for Android application were not properly limited in functionality...

AI score 2.2
Exploits 0

ICS
added 2019/01/24 12:0 a.m. | 106 views

PHOENIX CONTACT FL SWITCH

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: FL SWITCH Vulnerabilities: Cross-site Request Forgery, Improper Restriction of Excessive Authentication Attempts, Cleartext Transmission of Sensitive Information, Resourc...

CVSS 9.8 | AI score 8.1 | EPSS 0.02314
Exploits 0 | References 5

NVD
added 2019/01/11 6:29 p.m. | 19 views

CVE-2016-4644

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials...

CVSS 6.5 | AI score 6.8 | EPSS 0.01332
Exploits 0 | References 3

CNVD
added 2018/12/05 12:0 a.m. | 3 views

GitLab CE/EE Sensitive Information Plaintext Storage Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A sensitive informati...

CVSS 9.8 | AI score 9 | EPSS 0.00932
Exploits 0 | References 1

OSV
added 2018/08/13 9:48 p.m. | 4 views

CVE-2018-15123

Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows a remote attacker to perform new attack vectors and take control of the device and smart home...

CVSS 9.8 | AI score 5.8 | EPSS 0.02442
Exploits 0 | References 1

OSV
added 2018/05/29 9:29 p.m. | 6 views

CVE-2018-11544

The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/sharedprefs/com.theolivetree.ftpserverpreferences.xml file as the prefUsername and prefUserpass strings...

CVSS 9.8 | AI score 5.8 | EPSS 0.01527
Exploits 1 | References 2

CNVD
added 2018/05/28 12:0 a.m. | 3 views

BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application Information Disclosure Vulnerability (CNVD-2018-10605)

BeaconMedaes Scroll Medical Air Systems is a medical surgical air system from BeaconMedaes, Inc. and TotalAlert Web Application is a web-based management program. A security vulnerability exists in the TotalAlert Web Application in the BeaconMedaes Scroll Medical Air Systems. An attacker could...

CVSS 9.8 | AI score 6.7 | EPSS 0.01297
Exploits 0 | References 1

OSV
added 2018/02/22 4:29 p.m. | 3 views

CVE-2017-5250

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner...

CVSS 9.8 | AI score 5.8 | EPSS 0.0071
Exploits 0 | References 1

OSV
added 2018/02/22 4:29 p.m. | 4 views

CVE-2017-5249

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner...

CVSS 9.8 | AI score 5.8 | EPSS 0.0071
Exploits 0 | References 1

Cvelist
added 2018/02/22 4:0 p.m. | 20 views

CVE-2017-5249

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner...

AI score 9.3 | EPSS 0.0071
Exploits 0 | References 1