137 matches found
CVE-2018-9083
In System Management Module SMM versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability...
System Management Module Vulnerabilities - US
Lenovo Security Advisory: LEN-24374 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9083, CVE-2018-9084, CVE-2018-16089, CVE-2018-16090, CVE-2018-16091, CVE-2018-16092, CVE-2018-16094, CVE-2018-16095, CVE-2018-16096 Summary...
TeleGrab Malware Steals Telegram Desktop Messaging Sessions, Steam Credentials
Recently discovered malware steals cache data and secure messaging sessions from the desktop version of encrypted messaging service Telegram. The malware, dubbed TeleGrab, leverages weak default settings in the design of Telegram’s desktop version along with the desktop’s lack of support for Secr...
Foxconn FEMTO AP-FC4064-T Weak Password Vulnerability
The Foxconn FEMTO AP-FC4064-T is a home base station device from Foxconn. A security vulnerability exists in the web administration page of the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 version, which stems from the admin account using a weak default password: admin, and the...
CVE-2018-9112
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges b...
CVE-2018-9112
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges b...
IBM Security Guardium Information Disclosure Vulnerability (CNVD-2018-09231)
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium, which stems...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
CVE-2018-6312
A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version APGTB385.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system...
CVE-2018-1372
IBM Security Guardium Big Data Intelligence SonarG 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772...
IBM BigFix Security Compliance Analytics Weak Default Password Vulnerability
IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security vulnerability...
CVE-2017-7306
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...
CVE-2017-7306
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...
CVE-2017-7306
Riverbed RiOS before version 9.6.1 exposes a weak default password for the secure vault. This weakness can be exploited by physically proximate attackers who know the password algorithm and the appliance serial number, enabling defeat of the secure-vault protection mechanism. Documentation consis...
PT-2017-17652 · Riverbed · Riverbed Rios
Name of the Vulnerable Software and Affected Versions: Riverbed RiOS versions prior to 9.6.1 Description: The issue is related to a weak default password for the secure vault in Riverbed RiOS, which can be exploited by physically proximate attackers who have knowledge of the password algorithm an...
CVE-2016-2951
IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data...
IBM BigFix Remote Control Information Disclosure Vulnerability (CNVD-2016-11744)
IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. A security vulnerability exists in IBM BigFix Remote Control versions prior to 9.1.3 that stems from the program's use of a weak default password policy. A remote attacker could exploit the vulnerability t...
JVC HDRs Net (Multiple Cameras) - Multiple Vulnerabilities
JVC HDRs Net Multiple Cameras - Multiple Vulnerabilities | | | | \ |\ \ \ / - | | | | - /| //||||,|.// www.orwelllabs.com security advisory olsa-2016-04-01 Adivisory Information +++++++++++++++++++++++ + Title: JVC Multiple Products Multiple Vulnerabilities + Vendor: JVC Professional Video +...
JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities
| | | | \ |\ \ \ / - | | | | - /| //||||,|.// www.orwelllabs.com security advisory olsa-2016-04-01 Adivisory Information +++++++++++++++++++++++ + Title: JVC Multiple Products Multiple Vulnerabilities + Vendor: JVC Professional Video + Research and Advisory: Orwelllabs + Adivisory URL:...