158 matches found
Sophos Authenticator 安全漏洞
Sophos Authenticator is a simple and intuitive application from Sophos UK. It is used to provide multiple authentication on mobile devices. Sophos Authenticator suffers from a security vulnerability that stems from insecure data storage. A physical attacker with root privileges could exploit this...
PT-2022-7021 · Qnap · Qvr Pro Client
Name of the Vulnerable Software and Affected Versions: QVR Pro Client versions prior to 2.3.0.0420 Description: The issue is related to insufficient protection of registration data in QVR Pro Client, which may allow an attacker to gain unauthorized access to protected information. An insertion of...
CVE-2021-3179
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...
CVE-2021-3179
CVE-2021-3179 concerns the GGLocker iOS app, where an insecure data storage of the password hash enables an authentication bypass. The entry is corroborated by multiple sources in connected documents (NVD, Red Hat, CVE lists). Affected software: GGLocker iOS application. Underlying issue: insecur...
CVE-2021-3179
GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...
GGLocker iOS 安全漏洞
GgLocker Ios is a simple digital locker by Gabriele Greco personal developer. A security vulnerability exists in the GGLocker iOS app that stems from an insecure data store containing password hashes, leading to authentication bypass...
Remote Code Execution (RCE)
phpmailer is vulnerable to remote code execution. The vulnerability exists due to insecure data allowed into the $langpath parameter of the setLanguage method...
CVE-2020-35455
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...
CVE-2020-35455
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...
The vulnerability of static data created by software for generating reports in Cisco Security Manager’s extended security environments allows attackers to gain unauthorized access to protected information.
The vulnerability of static data in the software tool for creating reports in Cisco Security Manager-enabled extended security environments is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to...
CVE-2020-8482
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data...
The vulnerability of the Siemens SPPA-T3000 application server allows a hacker to gain access to confidential information.
The vulnerability of the Siemens SPPA-T3000 application server is related to the transmission of data in an open manner. Exploiting this vulnerability can allow attackers to access confidential information...
CVE-2020-9387
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on...
CVE-2018-21034
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git...
CVE-2020-8989
In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. Fo...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2019-34770)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Adobe Creative Cloud Desktop Application Insecure Transfer of Sensitive Data Vulnerability
Adobe Creative Cloud Desktop Application is the management software for various Creative Cloud applications and services. An insecure transmission of sensitive data vulnerability exists in Adobe Creative Cloud Desktop Application 4.6.1 and earlier versions. An attacker could exploit this...
Vulnerabilities in financial mobile apps put consumers and businesses at risk
Security hubris. It’s the phrase we use to refer to our feeling of confidence grounded on assumptions we all have but may not be aware of or care to admit about cybersecurity—and, at times, privacy. It rears its ugly head when 1 we share the common notion that programmers know how to code securel...
August Connect Information Disclosure Vulnerability
August Connect is a bridge device for supporting Wi-Fi and smart lock connections. A security vulnerability exists in August Connect that stems from the program failing to securely transfer data between the August app and August Connect during configuration. An attacker could exploit the...
CVE-2018-20100
An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST,...