697 matches found
CVE-2017-18317
CVE-2017-18317 affects Qualcomm closed‑source components in Snapdragon Automotive and Snapdragon Mobile (MSM8996AU, SD 410/12, SD 820, SD 820A). The issue allows bypass of modem restrictions (sim lock/sim kill) by manipulating the system to issue a deactivation flow sequence. The available docume...
WordPress Media File Manager plugin <= 1.4.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability found by boombyte in WordPress Media File Manager plugin versions = 1.4.2. Solution WordPress Media File Manager plugin was closed on 2018 November 8 and is no longer available for download. Please deactivate and uninstall plugin as soon as possibl...
Chaturbate: Stats Token doesn't expire after deactivating account
The hacker found that the stats token, that a user can use to access their own account information, does not expire when an account is deactivated. This was resolved so the view could not be used after deactivation. Application has a feature Authorize your 3rd party stats that provides users a wa...
CVE-2018-5165
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...
WordPress WP-Testimonials plugin <=3.4.1 - SQL Injection vulnerability
WordPress WP-Testimonials plugin is prone to SQL injection vulnerability. The vulnerability allows an authenticated user to execute arbitrary SQL commands via the "testid" parameter to wp-admin/admin.php Solution WordPress WP-Testimonials plugin removed from WordPress plugin directory. We suggest...
WordPress < 3.3.2 Multiple Vulnerabilities
Binary data 9101.prm...
CVE-2015-8254
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to 1 initiate a false alarm or 2 deactivate an alarm by modifying the client-server data stream...
[SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-009 Product: Kaspersky Anti-Virus KAV Vendor: Kaspersky Lab ZAO Affected Versions: 15.0.1.415 Tested Versions: 15.0.1.415 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium...
[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-003 Product: Kaspersky Small Office Security KSOS Vendor: Kaspersky Lab ZAO Affected Versions: 13.0.4.233 Tested Versions: 13.0.4.233 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk...
[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-005 Product: Kaspersky Total Security KTS Vendor: Kaspersky Lab ZAO Affected Versions: 15.0.1.415 Tested Versions: 15.0.1.415 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level:...
[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-007 Product: Kaspersky Internet Security KIS Vendor: Kaspersky Lab ZAO Affected Versions: 15.0.2.361 Tested Versions: 15.0.2.361 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level:...
Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities
OVERVIEW Siemens has reported to NCCIC/ICS-CERT that NTP daemon vulnerabilities exist in the Siemens RUGGEDCOM ROX-based devices. Siemens has produced firmware updates to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens...
Write a unable to uninstall the App – Device Manager vulnerability-vulnerability warning-the black bar safety net
Two days ago some friends found the phone has an app cannot be uninstalled, after known because the Device Manager to activate the LED, then go try to cancel, but the cancel the the moment the card machine. Repeatedly toss after, only to re-brush. Later he sent an article about the Device Manager...
Mozilla Disables Flash in Firefox
As the zero days in Adobe Flash continue to pile up, Mozilla has taken the unusual step of disabling by default all versions of Flash in Firefox. The move is a temporary one as Adobe prepares to patch two vulnerabilities in Flash that were discovered as a result of the HackingTeam document dump...
[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-019 Product: BullGuard Antivirus Vendor: BullGuard Ltd. Affected Versions: 15.0.297 Tested Versions: 15.0.297 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solution...
WordPress Citizen Space 1.1 Cross Site Scripting
Details ================ Software: Citizen Space Version: 1.1 Homepage: http://wordpress.org/plugins/citizen-space/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-citizen-space-allows-attackers-to-view-sensitive-information-of-the-attackers-choosing/ CVE: Awaiting assignmen...
[SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-014 Product: Panda Global Protection 2015 Vendor: Panda Security Affected Versions: 15.1.0 Tested Versions: 15.1.0 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solutio...
[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-012 Product: Panda Internet Security 2015 Vendor: Panda Security Affected Versions: 15.0.1 Tested Versions: 15.0.1 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solutio...
[SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-015 Product: Panda Gold Protection 2015 Vendor: Panda Security Affected Versions: 15.1.0 Tested Versions: 15.1.0 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solution...
SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability
OVERVIEW This updated advisory is a follow-up to the advisory titled ICSA-15-181-02 SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability that was published September 3, 2015, on the NCCIC/ICS-CERT web site. Aleksandr Timorin of PT Security has identified a hard-coded account...