Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Siglent Technologies SDS 1202X-E Digital Oscilloscope vulnerable version: V5.1.3.13 fixed version: - CVE number: - impact: High homepage...

NUUO CMS Code Execution Vulnerability (CNVD-2018-21167)

NUUO CMS is a set of centralized software management platform from NUUO. The platform is used to centrally manage devices such as NVRs hard disk recorders and IP cameras, and provides functions such as user management and alarm management. A security vulnerability exists in NUUO CMS version 3.1 a...

CVE-2018-17890

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...

CVE-2018-17890

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution...

GandCrab Ransomware Found Hiding on Legitimate Websites

The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...

LocalTapiola: Information exposure via error pages (www.lahitapiola.fi Tomcat)

Summary: Information exposure via error pages Description: Hello there! I take the risk that this report might be closed as a N/A but because you are running outdated tomcat I wanted to take this risk and report this to you. So here we go.. When you navigate to the page e.g...

Conarc iChannel - Improper Access Restrictions Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Conarc iChannel - Unauthenticated Access/Default Webserver Misconfiguration allows for compromise of server Date: 2017-12-19 Exploit Author: Information Paradox CVE : CVE-2017-17759...

Over 8,600 Vulnerabilities Found in Pacemakers

"If you want to keep living, Pay a ransom, or die." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could...

CVE-2017-9181

libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service invalid write and SEGV, related to the ReadImage function in input-bmp.c...

SICUNET Access Controller Multiple Vulnerabilities

SICUNET Access Controller is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure

SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The vulnerabilities were discovered during a black box security...

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure Vulnerabilities

Exploit for php platform in category web applications SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The...

Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Despite the disruption of Axpergle Angler, which dominated the landscape in early 2016, exploit kits as a whole continued to be a threat to PCs running unpatched software. Some of the most prominent threats, from malvertising to ransomware, used exploit kits to infect millions of computers...

Downloads Resources over HTTP

Overview Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump a...

Design/Logic Flaw

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC5...

Outdated, Unpatched Software Rampant in Businesses

We all know outdated software, browsers, and plugins are unsafe, but how unsafe? Duo Labs has taken a hard look at the dangers of outdated software in a report released Tuesday that said 25 percent of business systems risk exposure to 700 possible vulnerabilities. The most insecure software, Duo...

Supply chain security issues in reproduction: a medicines management system How will A 1 4 0 0 a vulnerability-vulnerability warning-the black bar safety net

! Industrial control systems network Emergency Response Team, ICS-CERT on Tuesday issued a notice to appear, a widely used medication management system in the presence of more than 1 4 0 0 a vulnerability. Security researchers independently of the road Pyxis SupplyStation are United by CareFusion...

EA Games Site Hacked to Steal Apple IDs

Hackers were able to compromise a server belonging to Electronic Arts Games this week and rig one of its websites to resemble an Apple log-in page to dole out phishing attacks. U.K.-based security firm Netcraft discovered the hacked site on Tuesday and informed EA, which blocked it on Wednesday...

[Lynis 1.4.6] Security and System Auditing Tool to Harden Linux Systems

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...