4050 matches found
General Motors and Shanghai OnStar (SOS) iOS Client
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: General Motors GM, Shanghai OnStar SOS Equipment: SOS iOS Client Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication REPOSTED INFORMATION This advisory was originall...
Snapchat: RCE/LFI on test Jenkins instance due to improper authentication flow
@nahamsec found a test Jenkins instance where they could login with any valid Google account. Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test jenkins instance with no access to source code or resources. Methodology Here is the...
CVE-2017-7920
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access internal information...
CVE-2017-9630
An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions,...
Authentication flaw
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access internal information...
CVE-2017-9630
CVE-2017-9630 is an Improper Authentication vulnerability in PDQ Manufacturing LaserWash/G5, G5 S, M5, 360/360 Plus, AutoXpress/AutoExpress Plus, LaserJet, ProTouch Tandem/Icon/AutoGloss. The web server does not properly verify authentication information, enabling remote access with no user privi...
CVE-2017-7920
The CVE-2017-7920 issue affects ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React (versions 1.8.15 and prior; 2.1.3 and prior, respectively). The root cause is Improper Authentication: a malicious actor can access internal status and connected-device information by requesting a sp...
CVE-2017-7920
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access internal information...
PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch
CVSS v3 9.4 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available Vendor: PDQ Manufacturing, Inc. Equipment: LaserWash, Laser Jet and ProTouch Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data AFFECTED PRODUCTS The following version...
ABB VSN300 WiFi Logger Card
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: VSN300 WiFi Logger Card Vulnerabilities: Improper Authentication; Permissions, Privileges, and Access Controls AFFECTED PRODUCTS The following versions of VSN300 WiFi Logger Card, a device for solar...
Authentication flaw
An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...
CVE-2017-6868
An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...
CVE-2017-6868
An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update C)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
HP SiteScope Multiple Vulnerabilities (HPESBGN03763)
The version of HP SiteScope running on the remote host is 11.2x or 11.3x. It is, therefore, affected by multiple vulnerabilities : - A cryptographic weakness exists in the sspu.jar library due to the use of hard-coded encryption keys. A local attacker can exploit this to disclose potentially...
Authentication flaw
An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator URL...
CVE-2017-7919
The CVE-2017-7919 issue affects Newport XPS-Cx and XPS-Qx, where an attacker may bypass authentication by accessing a specific URL. This is classified as Improper Authentication with high impact (CVSS v3 base score 9.8) and is remotely exploitable with no user interaction. Affected products inclu...
Siemens Viewport for Web Office Portal
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Viewport for Web Office Portal Vulnerability: Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following ViewPort for Web Office Portal products: ViewPort...
Schneider Electric U.motion Builder (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: U.motion Builder --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: SQL Injection, Path Traversal, Improper...
Newport XPS-Cx, XPS-Qx
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Newport Equipment: XPS-Cx, XPS-Qx Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of XPS-Cx and XPS-Qx, a universal motion controller, are affected: XPS-Cx all versions, and XPS-Qx all...