98 matches found
CVE-2020-27258
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth...
Code injection
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low...
CVE-2020-27264
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low...
CVE-2020-27258
The CVE-2020-27258 issue affects SOOIL Dana Diabecare RS pumps and the AnyDana-i/AnyDana-A mobile apps. It is an information-disclosure vulnerability in the BLE communication protocol that allows unauthenticated attackers within Bluetooth proximity to extract the pump keypad lock PIN. Public sour...
CVE-2020-27258
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth...
CVE-2020-27256
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings...
CVE-2020-27256
Hard-coded physician PIN in the insulin pump’s physician menu allows attackers with physical access to change insulin therapy settings. Affected products include Dana Diabecare RS (all versions before 3.0) and AnyDana-i/AnyDana-A (all versions before 3.0). Root cause is credential hard-coding; im...
CVE-2020-27270
SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i, AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows an unauthenticated, physically proximate attacker to sniff keys via BLE...
CVE-2020-27272
SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i, AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop t...
CVE-2020-27276
SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i & AnyDana-A: the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate...
CVE-2020-27276
CVE-2020-27276 affects SOOIL Dana Diabecare insulin pumps and related AnyDana-i/AnyDana-A apps. The Connected Health disclosures enumerate multiple related flaws in the BLE-based protocol, including key exchange without entity authentication and replay/credential handling weaknesses (CWE-322, CWE...
CVE-2020-27276
SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i & AnyDana-A: the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate...
CVE-2020-27272
SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i, AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop t...
CVE-2020-27270
CVE-2020-27270 affects Dana Diabecare insulin pumps and the AnyDana-i/AnyDana-A mobile apps. The vulnerability arises from unprotected encryption keys in transit over Bluetooth Low Energy, enabling unauthenticated, physically proximate attackers to sniff keys. Affected products include Dana Diabe...
CVE-2020-27270
SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i, AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows an unauthenticated, physically proximate attacker to sniff keys via BLE...
hrdevelopments.co.uk Cross Site Scripting vulnerability OBB-1362477
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
manuals.ootpdevelopments.com XSS vulnerability
Vulnerable URL: http://manuals.ootpdevelopments.com/index.php?man=1/-///'/"//--...
qualicodevelopments.ca XSS vulnerability
Vulnerable URL: http://www.qualicodevelopments.ca/Winnipeg-Home-Builders.cfm?bid=12344321%27%22%20/Style=position:fixed;top:0;left:0;font-size:999px;%20/Onmouseenter=confirmOPENBUGBOUNTY%20// Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:|...
US-based website covering China's Bo Xilai scandal hacked
A US-based website that has reported extensively on the Bo Xilai scandal in Chongqing says it has been crippled by a concerted hacker attack. The site was rendered inaccessible for much of Thursday, depriving readers of coverage of the...