Cisco Expressway version 8.8.1 suffers from an access control bypass that allows an attacker to leverage the application for internal port scanning.
a361dfbad67cdbc85d866b203c31e7071f2f67698c9fe8627ebe4531801d3757Netop Remote Control versions 11.52 and 12.11 suffer from hard-coded cryptographic key and insufficiently protected credential issues.
bd92784b38a1c301a6674b12b72e327934aa4b895b78f8ea87bbefcaaebfb4a3OpenText Secure MFT version 2014 R2 SP4 and some prior versions suffer from a cross site scripting vulnerability.
0ca2f8ce2ac1e8fd0292e44455cd17e0bc3afed80f5f026aa383e3aa9639351cNovell GroupWise 2014 suffers from a cross site scripting vulnerability.
4c4c6296fd8b81448615d8372109d7607ccf6820ff46fc08d334d2f7a8f513c2sysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.
6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067addZENWorks Mobile Management version 3.1.0 suffers from cross site scripting vulnerabilities.
4bbde26ce7965cf1887a851e3e9618d8219aa196922007ddf099b40bc39424d9BullGuard Antivirus version 15.0.297 suffers from an authentication bypass vulnerability.
5112dee77c43095b3a49dcb2330e479154fb9f8936b7496f27a233d75f4262a3BullGuard Premium Protection version 15.0.297 suffers from an authentication bypass vulnerability.
e518b0247ad14e6664301878be74b7d5aa34d98c7e9b836f279738abe34a4d3bBullGuard Internet Security version 15.0.297 suffers from an authentication bypass vulnerability.
624206bd9c6a51e8ad271d67e4899a42171ca6df98a67470b32466dea534dd22The client management solution FrontRange Desktop and Server Management (DSM) stores and uses sensitive user credentials for required user accounts in an insecure manner which enables an attacker or malware with file system access to a managed client, for example with the privileges of a limited Windows domain user account, to recover the cleartext passwords. The recovered passwords can be used for privilege escalation attacks and for gaining unauthorized access to other client and/or server systems within the corporate network as at least one FrontRange DSM user account needs local administrative privileges on managed systems. Versions 7.2.1.2020 and 7.2.2.2331 are affected.
6dceda4b06fd7f28ead2853794061c22f60742ebcc1960711543fd9e45abc6aaPanda Gold Protection 2015 version 15.1.0 suffers from an authentication bypass vulnerability.
8279b24bbe87319af019d92f5fa713ba33bc5b2f819599f5d4bde53a1a8c3d70Panda Global Protection 2015 version 15.1.0 suffers from an authentication bypass vulnerability.
b0ce784ce3941c3e2211727da49529f55f628d6bc53a8a07e077f4926fefc997Panda Antivirus Pro 2015 version 15.1.0 suffers from an authentication bypass vulnerability.
78e5eb24225a62312d8ad8f761249bc6322d0fa2d403267061a8cea8d3736af3Panda Internet Security 2015 version 15.0.1 suffers from an authentication bypass vulnerability.
07f2adae46a6c1ae746b474e2de638331124c2f7f405eef6cd9b27bda87dcdffCisco Security Advisory - Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain denial of service and authentication bypass vulnerabilities.
22028b21fd801e6d3da2aed39be168d4f0f5cc7a562ad4fef91871c10dd78043FancyFon FAMOC version 3.16.5 suffers from multiple cross site scripting vulnerabilities.
efa9652e44569c33fc4fee812a69f383c8001fe4f217c3d71994dbc05b3b72c3FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.
3a671192f0facf33bd6129a2886a8ff9396192343746c6b576a400840ee63a00FancyFon FAMOC version 3.16.5 suffers from a session fixation vulnerability.
d9ed306cd69939777d43977859a23d2b0d269c3652c90899c8652bcdeb2459ceFancyFon FAMOC version 3.16.5 fails to mint one-way hashes without use of a salt.
b1d0a56de5c177ff2044a5a97d03ce257e2444febf937112e175e2fe8e4765a8The software encryption tool McAfee Endpoint Encryption for Removable Media (EERM) which is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF) uses a static and thus predictable salt for generating password hashes using the password-based key derivation function 2 (PBKDF2). Due to the use of a predictable, hard-coded salt, it is possible for an attacker to precompute password candidates and thus to perform more efficient dictionary attacks against the password-based authentication with the use of rainbow tables (time-memory trade-off).
8261951c34c305270d9eea3e7893a1426d99695fcb894956108ffdb81005bff3Cisco Security Advisory - Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software suffer from multiple denial of service vulnerabilities.
f4761d353c361b635fbca858206c528f26cfc0deeb022515d8daebb6a267dcdaFTP Rush version 2.1.8 fails to validate X.509 certificates.
08db1ca6e7f0ad3753320343d94123a3e0682c3ebd85684834dbf71b50e8349dCyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.
541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27WinSCP version 5.5.2.4130 does not checking the "Common Name" of an X.509 certificate when FTP with TLS is used.
c02e58412a1d791bba874a01d9d7de079487428a4d6386a5000a3a88f7464688Netgear D6300B routers suffer from remote command injection, root shell spawning, UPnP issues, credentials being submitted in the clear, and additional vulnerabilities.
896c086babecbfe246ba805c87d9f85d74b7f8d36859c8eca2c8d15b625be9c7Scanner Frequencies for the Kennedy Expressway.
99a128e75bd3057ec95f6afba0ce23e4928792e830c17131be661e6231c3f6b9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed