Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue.
3d75aff532e38b6b2a6184d2c0b2e44dTelegram version 4.0.1 suffers from a two-factor authentication bypass vulnerability.
a874728318ad389b5b51f22df6fc748fApache httpd versions 2.2.0 through 2.2.32 and 2.4.0 through 2.4.25 suffer from an ap_get_basic_auth_pw authentication bypass vulnerability.
cb420682d67ca6cb1a509889ce890788EMC ESRS Virtual Edition versions 3.18 and below suffer from an authentication bypass vulnerability.
251bf4de8dd0bb54efd42555b138296dAtlassian Confluence versions 4.3.0 through 6.1.1 suffers from an access restriction bypass vulnerability.
71d758377b0464d5863a7cf56d17a000Easy File Sharing Web Server version 7.2 suffers from an authentication bypass vulnerability. suffers from a bypass vulnerability.
cb6cabfb18bb30057a5918cb51b25080D-Link DIR-600M Wireless N 150 suffers from an authentication bypass vulnerability.
177eb06dde58e466bffebdce91d3056eManageEngine ServiceDesk Plus version 9.0 suffers from an authentication bypass vulnerability.
f57b227c1d9fe11249ee5d75222c47ccQNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.
9e5b18523ce0b371a5bd11a3f875f96aStarscream library version prior to 2.0.4 suffer from an SSL pinning vulnerability due to the pinning occurring too late in the stream function.
b0989ba797389d3201af3d8be771474fWestern Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
03efc4e9cf55948800f65cb80dd0da13WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting the TCP connection between the client and server, and afterwards by injecting an SSL server certificates they control.
4a7af40db402a792926151e595919340Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.
005e0bebe474fcf55e7c7e59c977ddc0Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
e64dcba98301f1ab384f8984e9224a9bThis Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).
3eb4ddb8e86d4a0dab985176c6c1a683Brother MFC-J6520DW suffers from a password changing authentication bypass vulnerability.
189cca9829b720eb2fbdb3d20e396f33Microsoft Windows suffered from a CreateProcessAsUser impersonation token bypass vulnerability.
67e8190e6dfce495fb12b9be530a5f0fCambium products suffer from SNMP access control issues that may allow for unauthorized changes to the device configuration. Models affected include Cambium ePMP 1000, Cambium ePMP 2000, Cambium PMP XXX, and Cambium ForceXXX models.
554ca0450724f285790b803edba59020LAquis SCADA version 4.1 suffers from access control issues.
ceb0e533f4ea33ad349ea2f06a537f58Microsoft Windows versions 8 and newer suffer from an AppLocker bypass vulnerability.
8236524fc90ea4284a62675e26576a42Alienvault OSSIM / USM versions 5.3.0 and below suffer from an authentication bypass vulnerability.
54264ef41a3e80682e8714812d435491Synologic NAS suffers from an IP blocking bypass vulnerability.
8afa1408533488ccb2007ab703fe026dSawmill Enterprise version 8.7.9 suffers from a pass the hash authentication bypass vulnerability.
dca1f753f3a94ad01a4224c6e6eb6a63Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Versions 54.0.2840.100 stable is affected.
ae38a5ec06fe60eb345dfdafae27e295EMC Isilon InsightIQ is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, and 3.0.0.
d92586473d4adb42421cb749cab5a715
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed