FTP Rush version 2.1.8 fails to validate X.509 certificates.
08db1ca6e7f0ad3753320343d94123a3e0682c3ebd85684834dbf71b50e8349dPage2Flip version 2.5 suffers from a denial of service vulnerability.
d605475e023fd099f6ae5991a6c9dc8b5175e3d6115f0f5e24bdef720b8b65c0Netop Remote Control versions 11.52 and 12.11 suffer from hard-coded cryptographic key and insufficiently protected credential issues.
bd92784b38a1c301a6674b12b72e327934aa4b895b78f8ea87bbefcaaebfb4a3OpenText Secure MFT version 2014 R2 SP4 and some prior versions suffer from a cross site scripting vulnerability.
0ca2f8ce2ac1e8fd0292e44455cd17e0bc3afed80f5f026aa383e3aa9639351cNovell GroupWise 2014 suffers from a cross site scripting vulnerability.
4c4c6296fd8b81448615d8372109d7607ccf6820ff46fc08d334d2f7a8f513c2sysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.
6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067addZENWorks Mobile Management version 3.1.0 suffers from cross site scripting vulnerabilities.
4bbde26ce7965cf1887a851e3e9618d8219aa196922007ddf099b40bc39424d9BullGuard Antivirus version 15.0.297 suffers from an authentication bypass vulnerability.
5112dee77c43095b3a49dcb2330e479154fb9f8936b7496f27a233d75f4262a3BullGuard Premium Protection version 15.0.297 suffers from an authentication bypass vulnerability.
e518b0247ad14e6664301878be74b7d5aa34d98c7e9b836f279738abe34a4d3bBullGuard Internet Security version 15.0.297 suffers from an authentication bypass vulnerability.
624206bd9c6a51e8ad271d67e4899a42171ca6df98a67470b32466dea534dd22The client management solution FrontRange Desktop and Server Management (DSM) stores and uses sensitive user credentials for required user accounts in an insecure manner which enables an attacker or malware with file system access to a managed client, for example with the privileges of a limited Windows domain user account, to recover the cleartext passwords. The recovered passwords can be used for privilege escalation attacks and for gaining unauthorized access to other client and/or server systems within the corporate network as at least one FrontRange DSM user account needs local administrative privileges on managed systems. Versions 7.2.1.2020 and 7.2.2.2331 are affected.
6dceda4b06fd7f28ead2853794061c22f60742ebcc1960711543fd9e45abc6aaPanda Gold Protection 2015 version 15.1.0 suffers from an authentication bypass vulnerability.
8279b24bbe87319af019d92f5fa713ba33bc5b2f819599f5d4bde53a1a8c3d70Panda Global Protection 2015 version 15.1.0 suffers from an authentication bypass vulnerability.
b0ce784ce3941c3e2211727da49529f55f628d6bc53a8a07e077f4926fefc997Panda Antivirus Pro 2015 version 15.1.0 suffers from an authentication bypass vulnerability.
78e5eb24225a62312d8ad8f761249bc6322d0fa2d403267061a8cea8d3736af3Panda Internet Security 2015 version 15.0.1 suffers from an authentication bypass vulnerability.
07f2adae46a6c1ae746b474e2de638331124c2f7f405eef6cd9b27bda87dcdffCrushFTP version 7.2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
4bb993b2b20fd12f0eb42e87af375dd1fd75bb61d47f7f5e88e9fb9dadf58213FancyFon FAMOC version 3.16.5 suffers from multiple cross site scripting vulnerabilities.
efa9652e44569c33fc4fee812a69f383c8001fe4f217c3d71994dbc05b3b72c3FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.
3a671192f0facf33bd6129a2886a8ff9396192343746c6b576a400840ee63a00FancyFon FAMOC version 3.16.5 suffers from a session fixation vulnerability.
d9ed306cd69939777d43977859a23d2b0d269c3652c90899c8652bcdeb2459ceFancyFon FAMOC version 3.16.5 fails to mint one-way hashes without use of a salt.
b1d0a56de5c177ff2044a5a97d03ce257e2444febf937112e175e2fe8e4765a8The software encryption tool McAfee Endpoint Encryption for Removable Media (EERM) which is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF) uses a static and thus predictable salt for generating password hashes using the password-based key derivation function 2 (PBKDF2). Due to the use of a predictable, hard-coded salt, it is possible for an attacker to precompute password candidates and thus to perform more efficient dictionary attacks against the password-based authentication with the use of rainbow tables (time-memory trade-off).
8261951c34c305270d9eea3e7893a1426d99695fcb894956108ffdb81005bff3Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.
541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27WinSCP version 5.5.2.4130 does not checking the "Common Name" of an X.509 certificate when FTP with TLS is used.
c02e58412a1d791bba874a01d9d7de079487428a4d6386a5000a3a88f7464688Netgear D6300B routers suffer from remote command injection, root shell spawning, UPnP issues, credentials being submitted in the clear, and additional vulnerabilities.
896c086babecbfe246ba805c87d9f85d74b7f8d36859c8eca2c8d15b625be9c7Drupal Drush Debian Packaging third party module version 7.x suffers from an information disclosure vulnerability.
1015e0e169a63db65a92dde56297d650742c8bc7274ed4640cf9b4f20cd7af6eAdobe Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the attacker to gain the power of executing arbitrary code on the affected system or denial of service scenario.
de231a932c681e757853f9b30b26ba630e5371c0793ff22cac8c46c88a5791d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed