Lucene search
K

120 matches found

OSV
OSV
added 2018/03/09 5:29 p.m.1 views

CVE-2017-17226

The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specif...

5.3CVSS6AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/02/16 12:0 a.m.6 views

The software-hardware device’s vulnerability regarding user authentication based on fingerprint recognition in Lenovo Fingerprint Manager Pro allows a intruder to gain access to users’ account information due to the use of a pre-installed account and the flaws in the encryption algorithm.

The vulnerability of the software-hardware solution for implementing user authentication based on fingerprint recognition in Lenovo Fingerprint Manager Pro is related to the use of a pre-installed account and deficiencies in the encryption algorithm. Exploiting this vulnerability can allow an...

7.8CVSS5.5AI score0.00395EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.7 views

The vulnerability of the microprogrammed surveillance camera software ACTi models series B, D, E, and I, due to lack of access control mechanisms, allows intruders to gain access to the device or cause malfunctions during maintenance.

The vulnerability of the microprogrammed surveillance camera software ACTi models series B, D, E, and I is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to alter the device’s settings by directly accessing the...

10CVSS5.5AI score0.05922EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.7 views

The vulnerability of the microprogrammed surveillance camera software ACTi models series B, D, E, and I lies in the rigid encoding of registration data, which allows a intruder to gain access to the device with administrator rights.

The vulnerability of the ACTi series D, B, E, and I video surveillance camera microprogramming systems is related to the use of a pre-installed administrator account. Exploiting this vulnerability can allow an attacker operating remotely to gain access to the device with administrator privileges...

10CVSS5.5AI score0.06085EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.9 views

The vulnerability of the microprogrammed software of the MitraStar GPT-2541GNAC and MitraStar DSL-100HN-T1 lies in the use of a pre-installed account, allowing a perpetrator to gain access to the device.

The vulnerability of the microprogrammed routing devices MitraStar GPT-2541GNAC and MitraStar DSL-100HN-T1 is related to the use of a pre-installed account “zyad1234” with the password “zyad1234”. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the devic...

10CVSS7.8AI score0.03825EPSS
Exploits1References5
Malwarebytes
Malwarebytes
added 2017/12/18 4:0 p.m.25 views

Mobile Menace Monday: upping the ante on Adups

Adups is back on our radar. The same China-based company caught collecting an abundance of user data and creating a backdoor on mobile devices in 2016 has another malicious card to throw down. This time, it's an auto installer we detect as Android/PUP.Riskware.Autoins.Fota. We thought they cleane...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/12/07 12:0 a.m.7 views

The vulnerability of D-Link DWR-932B router’s microprogramming software lies in the use of pre-installed accounts, allowing a hacker to gain access to the device with root privileges.

The vulnerability of the D-Link DWR-932B router’s microprogramming software lies in the use of pre-set accounts “admin” and “root”, with passwords “admin” and “1234” respectively. Exploiting this vulnerability allows a malicious actor to gain access to the device with root privileges via Telnet o...

10CVSS5.5AI score0.06932EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.6 views

The vulnerability of the Altum router’s microprogramming software relates to the use of pre-installed user accounts, which allow attackers to gain access to the embedded operating system with administrator privileges.

The vulnerability of the Altum router microprogramming system is related to the use of a pre-installed root account. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to the embedded operating system with administrator privileges using SSH or Telnet connections...

10CVSS7.8AI score0.02691EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.6 views

The vulnerability of ExaGrid backup device’s microprogramming software, related to the use of pre-installed credentials, allows a perpetrator to gain access to devices with root privileges.

The vulnerability of ExaGrid backup device software relates to the use of pre-installed credentials. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to the device with root privileges, using the pre-installed password “inflection” for the “root” account...

10CVSS7.8AI score0.72289EPSS
Exploits4References4
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.7 views

The vulnerability of the microprogrammed software of the Philips In.Sight B120/37 wireless video camera lies in the presence of pre-installed accounts, which allow a intruder to gain access to the device.

The vulnerability of the microprogrammed software of the Philips In.Sight B120/37 wireless video camera is related to the presence of preset user accounts for access via Telnet or UART accounts like “root”, “admin”, and “mg3500” with passwords “b120root”, “/ADMIN/”, and “merlin” respectively as...

10CVSS7.7AI score0.01566EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.5 views

The vulnerability of the microprogrammed software of the wireless video camera Gynoii, related to the presence of pre-installed accounts, allows a intruder to gain access to the device.

The vulnerability of the microprogrammed wireless video camera Gynoii relates to the presence of pre-installed user accounts “guest” and “admin”, with passwords “guest” and “12345” respectively. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the...

10CVSS7.8AI score0.01566EPSS
Exploits1References2
HackRead
HackRead
added 2017/11/16 8:23 p.m.16 views

Another preinstalled app found on OnePlus that could collect user data

By Waqas A couple of days ago it was reported that an This is a post from HackRead.com Read the original post: Another preinstalled app found on OnePlus that could collect user data...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/11/03 12:0 a.m.8 views

The vulnerability of the Oracle Identity Manager (OIM), a software platform of Oracle Fusion Middleware, allows a perpetrator to gain full control over the system.

The vulnerability of the Oracle Identity Manager OIM, a software platform of Oracle Fusion Middleware, is related to the use of pre-installed system accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the Oracle Identity Manager using the...

10CVSS8AI score0.03947EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2017/10/26 12:0 a.m.4 views

PT-2017-3193 · Korenix · Jetnet5628G-R +7

Name of the Vulnerable Software and Affected Versions: Korenix JetNet JetNet5018G version 1.4 Korenix JetNet JetNet5310G version 1.4a Korenix JetNet JetNet5428G-2G-2FX version 1.4 Korenix JetNet JetNet5628G-R version 1.4 Korenix JetNet JetNet5628G version 1.4 Korenix JetNet JetNet5728G-24P versio...

10CVSS9.5AI score0.01923EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2017/09/22 12:0 a.m.8 views

The vulnerability of the Task Manager service of the AmosConnect email delivery management system allows a perpetrator to execute arbitrary commands on the operating system’s host platform.

The vulnerability of the AmosConnect email delivery system management service is related to the use of immutable, pre-installed system accounts. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full administrative privileges and execute arbitrary commands on the...

10CVSS8.1AI score0.07413EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/11/17 12:0 a.m.5 views

Mozilla Firefox Privilege Access Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability, an attacker can use the API key glocation in the broadcast protection through the pre-installed application to define the same permissions can be...

7.5CVSS8.7AI score0.01644EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.6 views

The vulnerability of the D-Link DSR-500 router’s microprogramming software allows a malicious individual to gain administrator privileges.

The D-Link DSR-500 router has a pre-installed user with administrator privileges...

9.4CVSS5.4AI score0.01878EPSS
Exploits1References3Affected Software1
ThreatPost
ThreatPost
added 2015/11/23 3:53 p.m.15 views

Dell Shipping Superfish-Style Root Cert, Private Key

Update Just in time for Black Friday, various models of new Dell computers are shipping with a preinstalled root certificate and private key that corresponds to the cert, which as of earlier today was being accepted by all major browsers except Firefox. Given that a number of tools exist to aid i...

6.9AI score
Exploits0References9
securityvulns
securityvulns
added 2015/02/23 12:0 a.m.43 views

LG On Screen Phone authentication bypass (CVE-2014-8757)

LG On Screen Phone authentication bypass vulnerability ------------------------------------------------------ SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the...

8.3CVSS6.4AI score0.0451EPSS
Exploits1
Kitploit
Kitploit
added 2013/02/26 1:27 a.m.84 views

[ADHD v.0.4.1] Active Defense Harbinger Distribution

The Active Defense Harbinger Distribution ADHD is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys. ADHD has tools whos...

9.8AI score
Exploits0
Rows per page
Query Builder