
20 matches found

OpenVAS
added 2025/05/21 12:0 a.m., 9 views

RICOH Printers XSS Vulnerability (ricoh-2025-000001)

Multiple RICOH printers and multifunction printers are prone to a cross-site scripting XSS vulnerability via the Web Image Monitor. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS 6.1, AI score 5.9, EPSS 0.01149
Exploits 0, References 2
Tenable Nessus
added 2023/08/02 12:0 a.m., 8 views

MOXA NPort IAW5000A-I/O Series Improper Privilege Management (CVE-2020-25194)

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. This plugin only works with Tenable.ot. Please visit...

CVSS 8.8, AI score 7.9, EPSS 0.00155
Exploits 0, References 2
0day.today
added 2020/11/21 12:0 a.m., 41 views

Barco wePresent WiPG-1600W Hardcoded API Credentials Vulnerability

Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and...

CVSS 9.8, AI score 8, EPSS 0.00706
Exploits 7
0day.today
added 2020/11/21 12:0 a.m., 117 views

Barco wePresent WiPG-1600W Global Hardcoded Root SSH Password Vulnerability

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image. Title: Barco wePresent Global Hardcoded Root SSH Password Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1...

CVSS 10, EPSS 0.16205
Exploits 13
KoreLogic Security
added 2020/11/20 12:0 a.m., 55 views

Barco wePresent Hardcoded API Credentials

Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2020-28329 2. Vulnerability Description Barco wePresent...

CVSS 9.8, AI score 7.8, EPSS 0.00706
Exploits 7, Affected Software 1
IBM Security Bulletins
added 2019/10/18 3:10 a.m., 48 views

Security Bulletin: Multiple vulnerabilities in NTP and OpenSSL affect IBM Netezza Firmware Diagnostics

Summary Open Source NTP and OpenSSL are used by IBM Netezza Firmware Diagnostics. IBM Netezza Firmware Diagnostics Support Tools has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused...

CVSS 7.5, AI score 0.7, EPSS 0.40993
Exploits 9, Affected Software 1
OSV
added 2019/05/16 8:25 a.m., 9 views

MGASA-2019-0172 Updated kernel-linus packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

CVSS 7.7, AI score 7.4, EPSS 0.06933
Exploits 9, References 22
Malwarebytes
added 2018/12/26 7:15 p.m., 99 views

Assessing the security of a portable router: a look inside its hardware, part deux

In part two of our blog assessing the security of a portable router, we will acquire the tools and equipment to make a copy of the firmware on our target router so that we can assess the full firmware. Sometimes, the manufacturer has an updated firmware that is available on their website. It coul...

AI score 7.3
Exploits 0
Intel
added 2018/07/10 12:0 a.m., 13 views

Firmware Authentication Bypass

Summary: Potential security vulnerability allowing bypass of firmware authentication and incorrect TPM measurement of system firmware. Description: Platform sample code firmware included with 4th Gen Intel® Core™ Processor Haswell, 5th Gen Intel® Core™ Processor Broadwell, 6th Gen Intel® Core™...

AI score 1.6
Exploits 0
Intel
added 2018/07/10 12:0 a.m., 7 views

EDK II Untested memory not covered by SMM page protection

Summary: Intel is releasing firmware updates to improve System Management Mode SMM protection. Description: Incorrect handling of memory types in Tianocore firmware potentially allows a local attacker to bypass SMM protections on memory. • High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H...

AI score 7.1
Exploits 0
0day.today
added 2018/02/07 12:0 a.m., 27 views

Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow /

Exploit for hardware platform in category remote exploits STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector: Remote Authentication: Anonymous no credentials needed Researcher:...

AI score 7.1
Exploits 0
CISA
added 2017/11/21 12:0 a.m., 15 views

Intel Firmware Vulnerability

Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourag...

AI score 7.1
Exploits 0, References 3
OpenVAS
added 2017/08/18 12:0 a.m., 47 views

Siemens SIMATIC S7 PLC Multiple Vulnerabilities (SSA-293562)

Siemens SIMATIC S7 devices are prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 7.1, AI score 6.7, EPSS 0.02335
Exploits 0, References 2
ICS
added 2017/05/04 12:0 a.m., 121 views

Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Dahua Technology Co., Ltd Equipment: Digital Video Recorders and IP Cameras Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Password in Configuration File...

CVSS 7.5, AI score 9.4, EPSS 0.01738
Exploits 0, References 3
exploitpack
added 2017/04/10 12:0 a.m., 43 views

Moxa MX AOPC-Server 1.5 - XML External Entity Injection

Moxa MX AOPC-Server 1.5 - XML External Entity Injection + Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product:...

CVSS 1.9, AI score 5.4, EPSS 0.00472
Exploits 5
Exploit DB
added 2017/04/10 12:0 a.m., 94 views

Moxa MX AOPC-Server 1.5 - XML External Entity Injection

Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product: ======================= MX-AOPC UA SERVER - 1.5 Moxa's MX-AOPC...

CVSS 5, AI score 5.4, EPSS 0.00472
Exploits 5
The Hacker News
added 2013/08/06 3:9 a.m., 44 views

HP LaserJet Pro Printers remotely exploitable to gain unauthorized access to Wi-Fi and Printer Data

Do you own an HP printer? If so, it may be vulnerable to Hackers. Multiple HP LaserJet Pro Printers are printer vulnerable to hackers according to a new advisory posted by the vendor, dubbed as CVE-2013-4807 SSRT101181. Researcher 'Micha Sajdak' of Securitum.pl have found a security hole HP...

CVSS 7.8, AI score 0.4, EPSS 0.01465
Exploits 0
Exploit DB
added 2012/09/03 12:0 a.m., 28 views

Sitecom Home Storage Center - Directory Traversal

Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposure of...

AI score 7.4
Exploits 0
0day.today
added 2012/09/03 12:0 a.m., 15 views

Sitecom Home Storage Center Directory Traversal

Exploit for hardware platform in category web applications Directory Traversal Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= -...

AI score 7.1
Exploits 0
CERT
added 2010/03/25 12:0 a.m., 39 views

Broadcom NetXtreme management firmware ASF buffer overflow

Overview A buffer overflow vulnerability exists in the Broadcom NetXtreme management firmware. This vulnerability may allow a remote attacker to execute arbitrary code on an affected device. Description The Alert Standard Format ASF Specification is a protocol developed by Distributed Management...

CVSS 10, AI score 8.3, EPSS 0.19436
Exploits 0, References 3