5432 matches found

Japan Vulnerability Notes
added 2018/11/27 12:0 a.m. | 156 views

JVN#55263945: Multiple vulnerabilities in RICOH Interactive Whiteboard

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-16184 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/AU:N/C:C/I:C/A:C| Bas...

CVSS 10 | AI score 8 | EPSS 0.04359
Exploits 0
Prion
added 2018/11/26 3:29 a.m. | 14 views

Default credentials

TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...

CVSS 9 | AI score 7.4 | EPSS 0.18846
Exploits 1 | References 1 | Affected Software 1
exploitpack
added 2018/11/26 12:0 a.m. | 38 views

Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials

Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Exploit Title: Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 2018-11-19 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...

Exploits 0
Prion
added 2018/11/22 7:29 p.m. | 11 views

Design/Logic Flaw

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a...

CVSS 4.3 | AI score 5.5 | EPSS 0.00186
Exploits 0 | References 2 | Affected Software 1
Cent OS
added 2018/11/20 11:42 p.m. | 203 views

python security update

CentOS Errata and Security Advisory CESA-2018:3347 An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 8.8 | AI score 7.3 | EPSS 0.00905
Exploits 0 | References 7
NVD
added 2018/11/20 7:29 p.m. | 11 views

CVE-2018-12037

An issue was discovered on Samsung 840 EVO and 850 EVO devices only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode, Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows...

CVSS 4 | AI score 4.4 | EPSS 0.00095
Exploits 0 | References 3
0day.today
added 2018/11/20 12:0 a.m. | 56 views

Ricoh myPrint Hardcoded Credentials / Information Disclosure Vulnerability

Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected. Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosur...

AI score 9.3 | EPSS 0.01303
Exploits 3
Packet Storm
added 2018/11/20 12:0 a.m. | 581 views

Ricoh myPrint Hardcoded Credentials / Information Disclosure

Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 19-11-18 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...

AI score 9.7 | EPSS 0.01303
Exploits 3
0day.today
added 2018/11/16 12:0 a.m. | 284 views

PHP-Proxy 5.1.0 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1...

EPSS 0.45963
Exploits 5
IBM Security Bulletins
added 2018/11/15 9:55 p.m. | 18 views

Security Bulletin: IBM UrbanCode Deploy diagnostics files may contain confidential data (CVE-2017-1286)

Summary Previous releases of IBM UrbanCode Deploy diagnostics files can contain highly confidential data. This can include passwords and/or encrypted values. Vulnerability Details CVEID: CVE-2017-1286 DESCRIPTION: Sensitive information about the configuration of the UCD server and database can be...

CVSS 6.5 | AI score 0.8 | EPSS 0.00202
Exploits 0 | Affected Software 1
CNVD
added 2018/11/15 12:0 a.m. | 3 views

Microsoft Windows Security Bypass Vulnerability (CNVD-2019-02769)

Microsoft Windows 10 and others are products of Microsoft Corporation USA. Microsoft Windows 10 is an operating system for personal computers; Windows Server 2016 is a server operating system. A security bypass vulnerability exists in Microsoft Windows that originates when a program fails to...

CVSS 4.6 | AI score 5.1 | EPSS 0.00207
Exploits 0 | References 1
exploitpack
added 2018/11/15 12:0 a.m. | 22 views

PHP-Proxy 5.1.0 - Local File Inclusion

PHP-Proxy 5.1.0 - Local File Inclusion Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version:...

CVSS 5 | AI score 7.5 | EPSS 0.45963
Exploits 5
Exploit DB
added 2018/11/15 12:0 a.m. | 28 views

PHP-Proxy 5.1.0 - Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...

CVSS 7.5 | AI score 7.5 | EPSS 0.45963
Exploits 5
Packet Storm
added 2018/11/15 12:0 a.m. | 368 views

PHP-Proxy 5.1.0 Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...

AI score 7.5 | EPSS 0.45963
Exploits 5
Veracode
added 2018/11/14 8:42 a.m. | 20 views

Local File Inclusion

php-proxy-app is vulnerable to local file inclusion. The vulnerability exists because it uses a default appkey, allowing the attacker to generate encrypted string and get unauthorized access to arbitrary local files in the server...

CVSS 7.5 | AI score 7.2 | EPSS 0.45963
Exploits 5 | References 3 | Affected Software 1
Tenable Nessus
added 2018/11/13 12:0 a.m. | 191 views

KB4465664 BitLocker Security Feature Bypass Vulnerability

The remote Windows host is missing security update 4465664. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploi...

CVSS 4.6 | AI score 6.2 | EPSS 0.00207
Exploits 0 | References 2
Malwarebytes
added 2018/11/12 5:17 p.m. | 123 views

A week in security (November 5 – 11)

Last week on Malwarebytes Labs, we looked at browser lockers that fly under the radar with complete obfuscation, transport and logistics in our series about compromising vital infrastructure, Google logins now requiring JavaScript, how to create a sticky cybersecurity training program, and an...

CVSS 10 | AI score 8.9 | EPSS 0.94393
Exploits 11
0day.today
added 2018/11/08 12:0 a.m. | 410 views

Cradlepoint Router Password Disclosure Vulnerability

Exploit for hardware platform in category web applications Cradlepoint Router Password Disclosure Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities...

Exploits 0
Tenable Nessus
added 2018/11/08 12:0 a.m. | 28 views

Oracle Linux 7 : python-paramiko (ELSA-2018-3347)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-3347 advisory. 2.1.1-9 - Fix a security flaw CVE-2018-1000805 in Paramiko's server mode does not effect client mode. Backported from 2.1.6 Resolves rhbz1637366 Tenable has...

CVSS 8.8 | AI score 8 | EPSS 0.00905
Exploits 0 | References 2
Prion
added 2018/11/07 6:29 p.m. | 11 views

Hardcoded credentials

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9Q password in some case...

CVSS 5 | AI score 7.7 | EPSS 0.00352
Exploits 1 | References 1 | Affected Software 4