Lucene search
K

137 matches found

ATTACKERKB
ATTACKERKB
added 2018/11/27 2:29 p.m.5 views

CVE-2018-9083

In System Management Module SMM versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability...

9.3CVSS5.5AI score0.01075EPSS
Exploits0References2
Lenovo
Lenovo
added 2018/10/18 11:43 p.m.418 views

System Management Module Vulnerabilities - US

Lenovo Security Advisory: LEN-24374 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9083, CVE-2018-9084, CVE-2018-16089, CVE-2018-16090, CVE-2018-16091, CVE-2018-16092, CVE-2018-16094, CVE-2018-16095, CVE-2018-16096 Summary...

9.3CVSS0.7AI score0.01735EPSS
Exploits0
ThreatPost
ThreatPost
added 2018/05/18 2:20 p.m.19 views

TeleGrab Malware Steals Telegram Desktop Messaging Sessions, Steam Credentials

Recently discovered malware steals cache data and secure messaging sessions from the desktop version of encrypted messaging service Telegram. The malware, dubbed TeleGrab, leverages weak default settings in the design of Telegram’s desktop version along with the desktop’s lack of support for Secr...

0.1AI score
Exploits0References3
CNVD
CNVD
added 2018/05/15 12:0 a.m.2 views

Foxconn FEMTO AP-FC4064-T Weak Password Vulnerability

The Foxconn FEMTO AP-FC4064-T is a home base station device from Foxconn. A security vulnerability exists in the web administration page of the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 version, which stems from the admin account using a weak default password: admin, and the...

9.8CVSS7.2AI score0.01335EPSS
Exploits1References1
NVD
NVD
added 2018/05/10 3:29 a.m.18 views

CVE-2018-9112

A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges b...

9.8CVSS9.6AI score0.01335EPSS
Exploits1References1
OSV
OSV
added 2018/05/10 3:29 a.m.4 views

CVE-2018-9112

A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges b...

9.8CVSS5.8AI score0.01335EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/04 12:0 a.m.6 views

IBM Security Guardium Information Disclosure Vulnerability (CNVD-2018-09231)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium, which stems...

9.8CVSS6.7AI score0.02497EPSS
Exploits0References1
NVD
NVD
added 2018/03/14 7:29 p.m.23 views

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

9.8CVSS8.9AI score0.01828EPSS
Exploits0References1
OSV
OSV
added 2018/03/14 7:29 p.m.30 views

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

9.8CVSS6.6AI score
Exploits0References1
OSV
OSV
added 2018/03/10 10:29 p.m.6 views

CVE-2018-6312

A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version APGTB385.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system...

7.2CVSS5.8AI score0.01323EPSS
Exploits0References1
OSV
OSV
added 2018/02/27 5:29 p.m.3 views

CVE-2018-1372

IBM Security Guardium Big Data Intelligence SonarG 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772...

9.8CVSS5.8AI score0.02197EPSS
Exploits0References3
CNVD
CNVD
added 2017/06/15 12:0 a.m.6 views

IBM BigFix Security Compliance Analytics Weak Default Password Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security vulnerability...

9.8CVSS7AI score0.01661EPSS
Exploits0References1
OSV
OSV
added 2017/04/04 4:59 p.m.3 views

CVE-2017-7306

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...

6.4CVSS5.9AI score0.00361EPSS
Exploits1References2
NVD
NVD
added 2017/04/04 4:59 p.m.19 views

CVE-2017-7306

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...

6.4CVSS6.6AI score0.00361EPSS
Exploits1References2
CVE
CVE
added 2017/04/04 4:0 p.m.45 views

CVE-2017-7306

Riverbed RiOS before version 9.6.1 exposes a weak default password for the secure vault. This weakness can be exploited by physically proximate attackers who know the password algorithm and the appliance serial number, enabling defeat of the secure-vault protection mechanism. Documentation consis...

6.4CVSS6.5AI score0.00361EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2017/04/04 12:0 a.m.6 views

PT-2017-17652 · Riverbed · Riverbed Rios

Name of the Vulnerable Software and Affected Versions: Riverbed RiOS versions prior to 9.6.1 Description: The issue is related to a weak default password for the secure vault in Riverbed RiOS, which can be exploited by physically proximate attackers who have knowledge of the password algorithm an...

6.4CVSS7.4AI score0.00361EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2016/11/30 11:59 a.m.1 views

CVE-2016-2951

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data...

4.3CVSS5.6AI score0.0066EPSS
Exploits0References4
CNVD
CNVD
added 2016/11/29 12:0 a.m.6 views

IBM BigFix Remote Control Information Disclosure Vulnerability (CNVD-2016-11744)

IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. A security vulnerability exists in IBM BigFix Remote Control versions prior to 9.1.3 that stems from the program's use of a weak default password policy. A remote attacker could exploit the vulnerability t...

8.1CVSS6.9AI score0.01283EPSS
Exploits0References1
exploitpack
exploitpack
added 2016/05/10 12:0 a.m.42 views

JVC HDRs Net (Multiple Cameras) - Multiple Vulnerabilities

JVC HDRs Net Multiple Cameras - Multiple Vulnerabilities | | | | \ |\ \ \ / - | | | | - /| //||||,|.// www.orwelllabs.com security advisory olsa-2016-04-01 Adivisory Information +++++++++++++++++++++++ + Title: JVC Multiple Products Multiple Vulnerabilities + Vendor: JVC Professional Video +...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2016/05/10 12:0 a.m.49 views

JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities

| | | | \ |\ \ \ / - | | | | - /| //||||,|.// www.orwelllabs.com security advisory olsa-2016-04-01 Adivisory Information +++++++++++++++++++++++ + Title: JVC Multiple Products Multiple Vulnerabilities + Vendor: JVC Professional Video + Research and Advisory: Orwelllabs + Adivisory URL:...

7.4AI score
Exploits0
Rows per page
Query Builder