92 matches found
CVE-2016-1492
The Wifi hotspot in Lenovo SHAREit before 3.5.48ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area...
CVE-2016-1489
CVE-2016-1489 affects Lenovo SHAREit for Windows (before 3.2.0) and Android (before 3.5.48_ww); files transferred over HTTP are in cleartext, enabling an attacker to sniff traffic or perform MITM attacks. CoreLabs and Lenovo advisories note related flaws (hard-coded password and unencrypted trans...
CVE-2016-1490
CVE-2016-1490 is part of Lenovo SHAREit vulnerabilities reported by Core Security (CORE-2016-0002). It describes information disclosure on Windows SHAREit when the Wi‑Fi hotspot is active with the default password 12345678. An attacker within range could remotely browse file names by issuing an H...
CVE-2016-1491
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area...
CVE-2016-1490
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list...
CVE-2016-1491
Summary of CVE-2016-1491 (Lenovo SHAREit) : CoreLabs’ advisory confirms a hard-coded password vulnerability in Lenovo SHAREit for Windows prior to version 3.2.0 where a Wi‑Fi hotspot is created to receive files using the fixed password “12345678,” enabling a remote attacker within WLAN range to g...
CVE-2016-1492
CVE-2016-1492 concerns Lenovo SHAREit for Android. When the app is configured to receive files, it creates an open Wi‑Fi hotspot with no password, allowing an attacker within WLAN range to connect and potentially capture traffic transferred between devices. The CoreLabs advisory and Lenovo securi...
Lenovo SHAREit App Hard-Coded Password
Lenovo today has patched a number of vulnerabilities that jeopardize private data, which are largely enabled by a simple hard-coded password in a freely available file-sharing application. The flaws were found in in the Lenovo ShareIT application for Android and Windows by researchers at Core...
Lenovo ShareIT Information Disclosure / Hardcoded Password
Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode:...
Lenovo ShareIT Multiple Vulnerabilities
Advisory ID Internal CORE-2016-0002 1. Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode: Coordinated release 2. Vulnerability Information Class: Use of...
SHAREit WebShare 2.3.80 Cross Site Scripting
http://192.168.1.5/list?path=alert/Mahdi.Hidden/...
SHAREit WebShare 2.3.80 Cross Site Request Forgery
Ex. http://192.168.1.2 Ex. /folder/image.jpg setTimeoutcsrf.submit,1; Ex. http://192.168.1.2 Ex. /folder/ setTimeoutcsrf.submit,1;...