8066 matches found
Brute forcing device passwords
When working with IoT and embedded systems, brute-force password guessing attacks are an effective tool to gain access. Over the years, I’ve learned some tips and tricks to make these attacks more effective. What is brute forcing? Very simply, it’s guessing passwords so that you can find a valid...
CVE-2020-5667
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2020-5667
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
Hardcoded credentials
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
Studyplus App uses a hard-coded API key for an external service
Overview Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact API key for an...
JVN#00414047: Studyplus App uses a hard-coded API key for an external service
Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update the...
Konzept-iX PubliXone Authorization Issues Vulnerability
Konzept-iX PubliXone is a media production and document editing software from the German company Konzept-iX. PubliXone 2019.045 suffers from a security vulnerability that can cause cross-site scripting, account takeover, lack of access control, hard-coded keys, and file download distress. No...
Konzept-iX PubliXone Encryption Problem Vulnerability
Konzept-iX PubliXone is a media production and document editing software from the German company Konzept-iX. Konzept-iX PubliXone version 2019.045 suffers from an encryption issue vulnerability that causes PubliXone to suffer from cross-site scripting, account takeover, lack of access control,...
Konzept-iX PubliXone Cross-Site Scripting Vulnerability
Konzept-iX PubliXone is a media production and document editing software from the German company Konzept-iX. A cross-site scripting vulnerability exists in Konzept-iX PubliXone version 2019.045, which exposes PubliXone to cross-site scripting, account takeover, lack of access control, hard-coded...
Konzept-iX PubliXone Information Disclosure Vulnerability
Konzept-iX PubliXone is a media production and document editing software from the German company Konzept-iX. PubliXone 2019.045 suffers from an information disclosure vulnerability that can cause cross-site scripting, account takeover, lack of access control, hard-coded keys, and file download...
Konzept-iX PubliXone Information Disclosure Vulnerability (CNVD-2020-60716)
Konzept-iX PubliXone is a media production and document editing software from the German company Konzept-iX. An information disclosure vulnerability exists in Konzept-iX PubliXone version 2019.045, which exposes PubliXone to cross-site scripting, account takeover, lack of access control, hard-cod...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
Awesome-shiro CVE-2016-4437 Shiro=1.2.4反序列化,爆破模块和key、代码执行、反弹shell的工具 ---- 漏洞原因 因为shiro对cookie里的rememberme字段进行了反序列化,所以如果知道了shiro的编码方式,然后将恶意命令用它的编码方式进行编码并放在http头的cookie里,在shiro对提交的cookie的rememberme字段进行反序列化时,也就执行了插入的命令,最终造成了命令执行 shiro默认使用了CookieRememberMeManager,其处理cookie的流程是:...
NVIDIA DGX servers BMC firmware trust management issue vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A vulnerability with trust management issues exists in the NVIDIA DGX servers BMC firmware prior to version 3.38.30, which stems from a vulnerability in the AMI BMC firmware that contains a vulnerability usin...
NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...
NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixin...
CVE-2020-11615
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...
CVE-2020-11487
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may le...
CVE-2020-11615
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure...
CVE-2020-11483
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information...
CVE-2020-11483
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information...