3858 matches found
CVE-2013-4733
The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files...
CVE-2013-4734
dasdecmkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors...
CVE-2013-0137
The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session...
Default credentials
The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network...
Code injection
The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU662676...
Default configuration
The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session...
Design/Logic Flaw
dasdecmkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors...
CVE-2013-4732
CVE-2013-4732 affects Digital Alert Systems DASDEC EAS device (versions 2.0-2) and Monroe Electronics R189 One-Net EAS device (versions 2.0-2). The issue is predictable session ID values in the administrative web server, enabling potential session hijacking by sniffing the network. Public documen...
CVE-2013-4733
The CVE-2013-4733 entry affects the web server component of the Digital Alert Systems DASDEC EAS device and the Monroe Electronics R189 One-Net EAS device, both versions prior to 2.0-2. An attacker can remotely read log files to obtain sensitive configuration and status information, exposing conf...
CVE-2013-4735
The CVE-2013-4735 issue affects the Digital Alert Systems DASDEC EAS device prior to 2.0-2 and Monroe Electronics R189 One-Net EAS prior to 2.0-2, which have a default administrative password. The underlying risk is that an attacker could remotely obtain access over an IP network due to this defa...
CVE-2013-0137
The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session...
CVE-2013-4733
The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files...
CVE-2013-4735
The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network...
Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory
Digital Alert Systems' DASDEC and Monroe Electronics' One-Net E189 Emergency Alert System EAS encoder/decoder ENDEC devices exposed a shared private root SSH key in publicly available firmware images. Additional information is also available in CERT Vulnerability Note VU662676. US-CERT recommends...
Sprite Software Android Race Condition
Subject: Race condition in Sprite Software's backup software, installed by OEM on LG Android devices. CVE ID: CVE-2013-3685 Initial disclosure: https://plus.google.com/110348415484169880343/posts/Me2yea2PgwE Source: https://github.com/CunningLogic/LGPwn Effect: Locally exploited vulnerability wit...
Monroe Electronics DASDEC Compromised Root SSH Key
OVERVIEW This advisory provides mitigation details for a vulnerability that impacts the Monroe Electronics DASDEC. Mike Davis, a researcher with IOActive, reported a compromised root SSH key vulnerability to CERT Coordination Center CERT/CC. This vulnerability is in Monroe Electronics DASDEC‑I an...
Samsung's new OS Tizen 2.0 source code released
The Tizen 2.0 source code and SDK has officially been released. Tizen is a Linux-based open-source software platform backed by Intel and Samsung Electronics, that is designed for smartphones, tablets, smart TVs and in-car systems and it's designed to run apps written using web technologies...
DHS: Border Device Search Policy Does Not Violate Fourth Amendment
The Department of Homeland Security’s Office for Civil Rights and Civil Liberties CLCR has determined that the DHS’s warrantless, and often suspicion-less, search and seizure of electronics devices at U.S. borders does not violate the Fourth Amendment protection against unreasonable search or...
Samsung Kies 2.5.0.12114_1 Buffer Overflow
Advisory ID: HTB23136 Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Versions: 2.5.0.121141 Tested Version: 2.5.0.121141 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: December 19, 2012 Vendor Patch: December 27, 2012 Public Disclosure: January 9, 2013 Vulnerability...
More VMware ESX Source Code Posted Online
For the third time this year, VMware ESX source code has been posted online. A hacker known as Stun claiming to be affiliated with Anonymous tweeted a link to a torrent site hosting the stolen VMkernel source code. VMware director of platform security Iain Mulholland acknowledged the breach on...