New IoT Bill Proposes Security Standards for Smart Devices

By this time, almost every one of you owns at least one internet-connected device—better known as the "Internet of things"—at your home, but how secure is your device? We have recently seen Car hacking that could risk anyone's life, Hoverboard hacking, even hacking of a so-called smart Gun and al...

Trend Micro Deep Discovery Director Hard-Coded Archive File Password Vulnerability

Trend Micro Deep Discovery is a protection product from Trend Micro that detects and identifies hard-to-find threats in real time and proposes solutions. director is one of the built-in solutions with the ability to update and upgrade various programs in Deep Discovery. A security vulnerability...

New Bill Seeks Basic IoT Security Standards

Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government's purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceive...

CVE-2017-11129

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

CVE-2017-11129

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

MEDHOST Document Management Information Disclosure Vulnerability

MEDHOST Document Management System is a document management system from the American company MEDHOST. The system manages documents such as user access and audit logs by defining different roles and permissions. A security vulnerability exists in MEDHOST Document Management System, which originate...

MEDHOST Document Management Hardcoded Certificate Disclosure Vulnerability

MEDHOST Document Management System is a document management system from the American company MEDHOST. The system manages documents such as user access and audit logs by defining different roles and permissions. A security vulnerability exists in MEDHOST Document Management System due to a...

MEDHOST Document Management Information Disclosure Vulnerability (CNVD-2017-27413)

MEDHOST Document Management System is a document management system from the American company MEDHOST. The system manages documents such as user access and audit logs by defining different roles and permissions. A security vulnerability exists in MEDHOST Document Management System, which originate...

CVE-2017-11743

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensiti...

CVE-2017-11743

MEDHOST Connex (CVE-2017-11743) contains a hard-coded Mirth Connect admin credential ($K8t1ng) used for customer management access. The admin password is plaintext and identical across all installations, created during Connex install, with no option for customers to change it. A remote attacker a...

CVE-2017-11743

MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability to communicate directly with the Mirth Connect management console may be able to intercept sensiti...

CVE-2015-5191

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H...

CVE-2015-5191

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H...

CVE-2017-11694

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. T...

CVE-2017-11693

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial...

Hardcoded credentials

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. T...

Hardcoded credentials

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial...

CVE-2017-11693

CVE-2017-11693 affects MEDHOST Document Management System. Connected sources confirm a hard-coded credential (dms) used for PostgreSQL access, with the password identical across installations. This grants direct database access to the DMS schema and can lead to exposure or modification of patient...

CVE-2017-11694

The MEDHOST Document Management System contains hard-coded credentials used for Apache Solr access (account name: dms). This password is embedded throughout the application, identical across installations, and cannot be changed by customers. An attacker who knows these credentials and can connect...

CVE-2017-11693

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial...