Due to storing passwords in a recoverable format on Siemens LOGO! 8 PLCs, an attacker can gain access to configured passwords as cleartext.
95e944e33b6b49156158226e4700374427c35dfaaa04a226bf39cb8debb11f9aDue to storing passwords in a recoverable format on Siemens LOGO! 8 PLCs, an attacker can gain access to configured passwords as cleartext.
bf19d9111516d40322d38739d39310498750019c2b579269ac24b9a2f7e683b3MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.
5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdbMATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.
9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7bDue to an insecure implementation of the used 868 MHz radio communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA 2500 Kit is vulnerable to replay attacks.
4a74349e30018d4eadb03382d40421e1c607aee428fa11c9c661fca820e654b2Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.
b19e73ae566f67141fff01b385e124ffe916d02b99d2f4b1eb6581a9331a10b9Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.
a33d718d22481da6180fc9af25a09eb7609ae79013ec68a0eb5bd6fddea35071Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.
b73813379c9c7ae3a3ca7625ea543b01df7c00b2718c1c9ba66959c0c4a4ff2dMicrosoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.
5b91e6090047fef94d34dd0fd973cc4e86a6c54ee1ac8d86d8a8818ca9bfdecaWireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.
76381a4aa95212b548a5c57eb1416134f9c09f4ceba809253b945b2d5b315328Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).
a2e84bef4f1b103936ce31df00ad89196bd85c85162d189f4577c1a150082ee0The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
f4bc0516c208b0307fe50d327f89c8d288ef83ffc61506179cd54509362894b3The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
1638ec208f8e37eaf9b5a1c43ce2ce9035fedf7e2ee03ce599899ee97a9d2669The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
b5b536b4797a8eff1eb40c967a4bdf37db110f16f71fc0a6f0da5e15e92a9b27QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
cb5c2ee3db6c55c22f86862e5b72bd113f7ae769e329bc847caa576516a573f1QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.
27689d9fdae27206f86fb67c52b512a57abc9dffe9f0f4d19e8aa363d3efdb19QNAP QTS version 4.2.1 Build 20160601 suffers from a cross site scripting vulnerability.
559a2c873cc88588570a681aea2d06fbbb6046cd8fdf54b9dbfec6256c89dda1QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
448d8a4712caf953aec99fadb1be4168c93a5e989fce7c009cd8577b1290902fQNAP QTS version 4.2.1 Build 20160601 suffers from an arbitrary file overwrite vulnerability.
1b6b302fa261390c5f0c6aa9787378c2eaa3685d815a17a90ab3bfb40b207096QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.
96a4d53ecd91f1a17608c43886a495fcf40a7eca582c4989e48e047118b247ceQNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.
892e6af51235735fae4ad4873dc7e3cc493bcb86a765cb905cdf1117cf7df8a9QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.
e766f0f6ff858161e23849a3310ffff9e284a377d2850c7d0aacd1f4541b45deNetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.
0d8b132a98ae866b25e976fa91c028b7f87513113e4275ea391b836b58886260The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.
0ea7840b55195ffc59088e4202c17bca17d25971220fb512df76ebf66e0575f9NASdeluxe NDL-2400r version 2.01.10 suffers from an OS command injection vulnerability.
df902fffe771a83318d68fb4a1dac2c82339e67536200c100f67b3f129f20ef4CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.
3737c6b837cb5779da05eb65eeceaa868fb36d30c20fac2a630e28c5168f4313
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=logo}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed