260 matches found
CVE-2017-17463
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and pskwepkey fields...
ike-scan - Discover and fingerprint IKE hosts (IPsec VPN Servers)
Discover and fingerprint IKE hosts IPsec VPN Servers. Building and Installing ike-scan uses the standard GNU autoconf and automake tools, so installation is the normal process: Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code Run cd ike-scan to enter source...
OSRAM SYLVANIA Osram Lightify Home Information Disclosure Vulnerability
OSRAM SYLVANIA Osram Lightify Home is an open IoT platform for automated control of lighting devices from German company OSRAM. A security vulnerability exists in OSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26, which originates from the program storing the PSK in plaintext in the...
Mimosa Client Radios Information Disclosure Vulnerability
Mimosa Client Radios is a management program for client devices of the Mimosa multipoint solution from Mimosa Networks, Inc. A security vulnerability exists in Mimosa Client Radios versions prior to 2.2.3. The vulnerability can be exploited by an attacker to download arbitrary files from the devi...
CVE-2017-9136
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be...
Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability (cisco-sa-20170419-asa-xauth)
A vulnerability in the Internet Key Exchange Version 1 IKEv1 XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and ar...
Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 1 IKEv1 XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation...
PT-2017-17181 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco ASA Software versions prior to 9.17.7 Cisco ASA Software versions prior to 9.24.11 Cisco ASA Software versions prior to 9.44 Cisco ASA Software versions prior to 9.53 Cisco ASA Software versions prior to 9.61.5 Description: A...
CVE-2016-5056
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK...
Fortinet FortiManager Man-in-the-Middle Attack Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains ADOM to further simplify multi-device security deployment and managemen...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service DoS attacks. A malicious user can pass a malicious Pre-Shared Key identity hint to the system that can lead to a double free that can lead to the system crashing...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key PSK identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
Information disclosure
Siemens SIMATIC STEP 7 TIA Portal before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack...
CVE-2016-7959
Siemens SIMATIC STEP 7 TIA Portal before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack...
CVE-2016-7959
Siemens SIMATIC STEP 7 (TIA Portal) before version 14 stores pre‑shared key data in TIA project files, enabling local attackers with file access to brute‑force and read sensitive information. The vulnerability is described across multiple sources (NVD entry for CVE-2016-7959 and PT Security advis...
CVE-2016-7959
Siemens SIMATIC STEP 7 TIA Portal before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack...
Siemens SIMATIC STEP 7 suffers from an information disclosure vulnerability (CNVD-2016-08768)
Siemens SIMATIC is an automation software with a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. A local attacker can exploit the vulnerability to read TIA project files by brute-force breaking the pre-shared key, resulting in...
How to Hack WiFi Password from Smart Doorbells
The buzz around The Internet of Things IoT is growing, and it is growing at a great pace. Every day the technology industry tries to connect another household object to the Internet. One such internet-connected household device is a Smart Doorbell. Gone are the days when we have regular doorbells...
OpenSSL: Race condition handling PSK identify hint
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key PSK identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL...
OpenSSL Competitive Conditional Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL for strong encryption of network communications. A security vulnerability exists in OpenSSL, which can be exploited by a remote attacker to send a special PSK identity that triggers a contention condition and then triggers two releases of memory,...