169 matches found
Sensitive data of 80 million US households exposed online
By Uzair Amir The 24 GB database was hosted on a Microsoft cloud server. Another day, another data breach; this time researchers have discovered an unprotected cloud repository containing personal and financial information of more than 80 million US households. This incident reminds us of two...
Default credentials
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams...
CVE-2018-17919
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams...
Code injection
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps...
CVE-2018-17917
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps...
CVE-2018-17915
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the upda...
CVE-2018-17915
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the upda...
CVE-2018-17917
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps...
CVE-2018-17915
CVE-2018-17915 affects Hangzhou Xiongmai XMeye P2P Cloud products (IP cameras, NVRs/DVRs). SEC Consult reports describe a remote code execution/integrity issue in XMeye P2P Cloud, with vulnerable implementations that lack proper protection during update/communication, enabling an attacker to pote...
CVE-2018-17917
CVE-2018-17917 affects Hangzhou Xiongmai XMeye P2P Cloud Server. The vulnerability allows an attacker to enumerate potential Cloud IDs by using MAC addresses, enabling discovery of valid devices and connection via supported XMeye apps. Root cause described across sources is predictable/derivable ...
Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden...
L1 Terminal Fault Side Channel Vulnerabilities - US
Lenovo Security Advisory: LEN-24163 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 Summary...
L1 Terminal Fault Side Channel Vulnerabilities - Lenovo Support US
No description provided...
Denial of service
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams...
CVE-2018-6302
Hanwha Techwin SmartCam is affected by CVE-2018-6302, a cloud-server DoS vulnerability tied to the SmartCam cloud architecture (XMPP-based Jabber server). The issue enables an attacker to block new camera registrations on the cloud, potentially compromising the registration/operation of cameras a...
CVE-2018-6302
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams...
Hackers Compromise Tesla Cloud Server to Mine Cryptocurrency
By Waqas It is 2018 and the easiest way to make quick This is a post from HackRead.com Read the original post: Hackers Compromise Tesla Cloud Server to Mine Cryptocurrency...
CVE-2017-7147
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe...
Passwords For 540,000 Car Tracking Devices Leaked Online
Another day, another news about a data breach, though this is something disconcerting. Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and...
inClick Cloud Server 5.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: inClick Cloud Server 5.0 - SQL Injection Dork: N/A Date: 12.09.2017 Vendor Homepage: http://www.inclick.net/ Software Link: http://www.inclick.net/pageid/demo.html Demo: http://www.inclick.net/pageid/demo.html Version: 5.0...