534 matches found
CVE-2019-8548
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep...
CVE-2019-8548
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep...
Code injection
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep...
CVE-2019-8548
An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep...
CVE-2019-8548
CVE-2019-8548 concerns Apple watchOS Passcode handling. A partially entered passcode may not clear when the device goes to sleep; Apple addressed this by clearing the passcode on a locked device sleep, and the issue is fixed in watchOS 5.2. Affected component: Passcode (Apple Watch). Root cause: ...
Nextcloud: Bypassing Passcode/Device credentials
Assume user have set "App passcode" to "Passcode/Device credentials". So whenever user opens the app, it will prompt to unlock before accessing the app. Unfortunately there is a issue, attacker can able to bypass the lock easily in two ways. Setup 1. Install NextCloud app and Log in. 2. Go to...
T-Mobile Suffers Data Breach Affecting Prepaid Wireless Customers
Are you a T-Mobile prepaid customer? If yes, you should immediately create or update your associated account PIN/passcode as additional protection. The US-based telecom giant T-Mobile today disclosed a yet another data breach incident that recently exposed potentially personal information of some...
CVE-2019-10960
Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...
Code injection
Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...
CVE-2019-10960
Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...
Zebra Industrial Printers
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: Zebra Equipment: Industrial Printers Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets...
Data and device security for domestic abuse survivors
For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve...
Bypass lock protection in Android app (NC-SA-2019-008)
If an attacker has physical access to an Android smartphone without a screen lock, but with nextcloud installed and set up, they can circumvent the passcode protection by repeatedly opening and closing the app in a very short time...
D-Link Central WiFi Manager (CWM-100) SQL Injection Vulnerability
D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool. A SQL injection vulnerability exists in the index.php/Pay/passcodeAuth passcode parameter in PayAction.class.php in versions prior to D-Link Central WiFi Manager CWM-100 1.03R0100BETA6. An attacker can explo...
D-Link Central WiFi Manager (CWM-100) Cross-Site Scripting Vulnerability
D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool. A cross-site scripting vulnerability exists in the resource view in PayAction.class.php in D-Link Central WiFi Manager CWM-100 versions prior to 1.03R0100BETA6. A remote attacker can exploit this vulnerabili...
CVE-2019-13374
A cross-site scripting XSS vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...
CVE-2019-13374
A cross-site scripting XSS vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...
Nextcloud: Passcode Protection in Android Devices Can be Bypassed.
What is The Vulnerability? The Passcode can be bypassed by calling a MainLoginActivity which is com.owncloud.android.ui.activity.FileDisplayActivity , We have successfully bypassed the passcode and are redirected to the App's User Interface. of the user’s credentials: Android Version: 9 Non Roote...
CVE-2019-3928
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter...
CVE-2019-3928
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter...