138 matches found
Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console affects Tivoli Storage Productivity Center (CVE-2017-1501)
Summary There is a potential security vulnerability in the WebSphere Application Server Admin Console affecting Tivoli Storage Productivity Center if you have updated the web services security bindings settings. If you changed the cipher suites in the web services security bindings settings, they...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2018-1288 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a manually created fetch request interfering with data replication, an attacker cou...
Nespresso Smart Cards Brewed with Weak Security
Researchers have demonstrated how to outsmart Nespresso Pro machines that use certain smart cards, hacking them to dispense coffee on-demand. Nespresso produces a range of coffees and machines for personal and professional use. Some of the commercial machines accept Mifare Classic stored-value...
Code injection
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 February 2021...
CVE-2021-26688
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 February 2021...
CVE-2020-27199
The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for...
IBM WebSphere Application Server 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.x < 9.0.0.5 Weak Security Bindings (CVE-2017-1501)
The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.14, 8.5.0.x prior to 8.5.5.12 or 9.0.x prior to 9.0.0.5. It is, therefore, affected by a vulnerability in the web services security bindings settings. If cipher suites were changed in the web service...
Mail.ru: Brute Force due to Weak security credentials lead access to LICENSE SYSTEM Web Server on [l.ucs.ru]
Login functionality on l.ucs.ru was not sufficiently protected against bruteforce...
Default configuration
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...
CVE-2019-9682
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssloutgoingciphers not being applied to STARTTLS connections...
Code injection
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssloutgoingciphers not being applied to STARTTLS connections...
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssloutgoingciphers not being applied to STARTTLS connections...
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssloutgoingciphers not being applied to STARTTLS connections...
CVE-2013-4584
CVE-2013-4584 affects Perdition before 2.2, where an error in handling outbound connections during STARTTLS for IMAP/POP causes ssl_outgoing_ciphers not to be applied. This results in weaker security for outbound connections; the literature does not provide exploit vectors, affected versions beyond
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssloutgoingciphers not being applied to STARTTLS connections...
Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting (XSS)
Weak security measures like bad input field data filtering has been discovered in the 'Live Chat Unlimited'. PoC Go to the demo website https://screets.com/try/lcx/night-bird/ and open chat window by clicking on «Open/close» link, then click on «Online mode» to go online. Use your payload inside...
WordPress Live Chat Unlimited 2.8.3 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Live Chat Unlimited v2.8.3 Stored XSS Injection Google Dork: inurl:"wp-content/plugins/screets-lcx" Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: https://screets.com/ Software Link:...
iLive <= 1.0.4 - Stored Cross-Site Scripting (XSS)
Info: Weak security measures like bad textarea data filtering has been discovered in the 'iLive - Intelligent WordPress Live Chat Support Plugin'. Current version of this premium WordPress plugin is 1.0.4. Demo Website: https://codecanyon.net/item/ilive-wordpress-live-chat-support-plugin/20496563...
Support Board - Chat And Help Desk | Support & Chat <= 1.2.8 Stored XSS
Info: Weak security measures like bad textarea data filtering has been discovered in the «Support Board - Chat And Help Desk | Support & Chat». Demo Website: https://codecanyon.net/item/support-board-chat-and-help-desk/20752085 Backend: https://board.support/desk-demo/?login=true Login / Password...