Wickr Inc - App Clock & Message Deletion Glitch P2
Document Title: Wickr Inc - App Clock & Message Deletion Glitch P2. References: https://www.vulnerability-lab.com/getcontent.php?id=2107 Document: https://www.vulnerability-lab.com/resources/documents/2107.rar Vulnerability Magazine:...
CVE-2017-13701
Affected product: MOXA EDS-G512E (5.1 build 16072215). Issue: backup files store passwords without salt and with an insecure, timestamped ciphering method, enabling exposure of credentials. Impact: high confidentiality and integrity concerns; CVSS-3.0 base score 9.8 (CRITICAL), network attack vec...
CVE-2017-3742
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to t...
Insecure Storage Of Cache Files
RuboCop does not store cache files securely. It stores the cache files in /tmp, where a malicious local user can tamper with cache files belonging to other users...
Information Disclosure
github.com/openshift/origin is vulnerable to information disclosure. When a pod is used with the --credentials option, a local attacker can get private key information by reading the systemd journal. This is because when the --credential option is enabled, the router credentials are store...
MicroMail Email Client for Android - Gesture Password Insecure Storage Vulnerability
Micro Mail is a multi-mailbox management mobile client and mobile office tool for personal and business users. The Micro Mail client for Android has an insecure storage vulnerability for gesture passwords: when a user uses a gesture password, the password is stored in plaintext and can be...
Jobberbase 2.0 - Multiple Vulnerabilities
Jobberbase: http://www.jobberbase.com/ Version: 2.0. By Ross Marks: http://www.rossmarks.co.uk. 1. Local path disclosure - change any variable to an array and in most cases it will tell you the local path where the application is installed eg...
CVE-2016-4524
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors...
Whisper: Insecure Local Data Storage : Application stores data using a binary sqlite database
Android provides several options for developers to save persistent application data. The local DB should store data depending on whether the data should be private to your application or accessible to other applications and users. In any case, sensitive data always has to be encrypted to avoid...
Loxone Smart Home Multiple Vulnerabilities (Mar 2015)
Loxone Smart Home is prone to multiple vulnerabilities. CPE = "cpe:/o:loxone:miniserverfirmware...
Inductive Automation Ignition Vulnerabilities
OVERVIEW Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies have identified several vulnerabilities in Inductive Automation’s Ignition Software. Inductive Automation has produced a patch that mitigates these vulnerabilities. These vulnerabilities could be...
[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
Advisory Overview: Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution, affecting both the client and server software (see Additional Information section). They include, but are not limited to, reflected XSS, source code/sensitive information disclosure, privilege...
Tridium Niagara AX Web Server < 3.5.40.3 / 3.6 < 3.6.47.3 Multiple Vulnerabilities
Binary data 8348.prm...
Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities
Philips VOIP841 Multiple Vulnerabilities. Luca ikki Carettoni - [email protected]. Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd. Systems not affected: n/a. a Hidden Administration...
Starbucks mobile application information leakage
Insecure user data storing...
[CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application
Title: [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application. Published: January 13, 2014. Reported to Vendor: December 2013 (no direct response). CVE Reference: CVE-2014-0647. Credit: This issue was discovered by Daniel E. Wood...
PicketBox: Insecure storage of masked passwords
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
LiveZilla < 5.1.2.1 Multiple Vulnerabilities
The version of LiveZilla hosted on the remote web server is affected by multiple vulnerabilities: - The application is affected by multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Note that CVE-2013-7003 was reportedly fixed in version...