5313 matches found
CVE-2018-15811
DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
FaceSentry Access Control System 6.4.8 - Remote Command Injection Vulnerability
Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build...
FaceSentry Access Control System 6.4.8 Remote Command Injection
FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a revolutionar...
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a revolutionar...
FaceSentry Access Control System 6.4.8 Cleartext Password Storage
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
CVE-2019-6972
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the...
CVE-2019-6972
The CVE-2019-6972 issue affects TP-Link TL-WR1043ND V2 devices. The vulnerability arises from credentials stored in the Authorization cookie being URL-encoded and base64 encoded, making them easily decoded; the username is in cleartext and the password is MD5-hashed after decoding. This exposes w...
CVE-2018-10239
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a...
CVE-2018-10239
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a...
CVE-2018-10239
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. The vulnerability is due to a...
Quantopian: Cross-site scripting on algorithm collaborator
Hi again my favorite VDP team. I bring you 8th bug and 4th cross-site scripting. Currently trying to upload python code via self-serve data, not looking for XSS'es only, but they're a thing still, right? Summary: By sending specially crafted websockets request attacker can run javascript in...
OPENSUSE-SU-2019:1533-1 Security update for bind
This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones bsc1126069. - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to ...
Security update for bind (important)
openSUSE Security Update: Security update for bind Announcement ID: openSUSE-SU-2019:1532-1 Rating: important References: 1104129 1126068 1126069 1133185 Cross-References: CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 Affected Products: openSUSE Leap 42.3 An update that fixes four...
SUSE-SU-2019:1449-1 Security update for bind
This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature bsc1104129. - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable...
Signature Verification Bypass in jwt-simple
Versions of jwt-simple prior to 0.5.3 are vulnerable to Signature Verification Bypass. If no algorithm is specified in the decode function, the packages uses the algorithm in the JWT to decode tokens. This allows an attacker to create a HS256 symmetric algorithm JWT with the server's public key a...
GHSA-8V5F-HP78-JGXQ Signature Verification Bypass in jwt-simple
Versions of jwt-simple prior to 0.5.3 are vulnerable to Signature Verification Bypass. If no algorithm is specified in the decode function, the packages uses the algorithm in the JWT to decode tokens. This allows an attacker to create a HS256 symmetric algorithm JWT with the server's public key a...
[SECURITY] Fedora 30 Update: safelease-1.0.1-1.fc30
Safelease is a legacy cluster lock utility used by VDSM. It is based on the algorithm presented in the article "Light-Weight Leases for Storage-Centric Coordination" by G Chockler and D Malkhi...
Computrols CBAS Insufficient Encryption Strength Vulnerability
CBAS Web is a Web-based building management system BMS from Computrols. Computrols CBAS Web suffers from an insufficient encryption strength vulnerability. The vulnerability stems from the fact that this application stores passwords in a database using MD5 hashes, and the MD5 algorithm is...
CVE-2019-11841
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...
CVE-2019-11841
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...