AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.
Monthly Archives: September 2016
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attackers to obtain sensitive information by reading these strings.
ComActivity 2.14.35 Cross Site Scripting
ComActivity version 2.14.35 suffers from a cross-site scripting vulnerability.
Vuln: EMC Avamar Data Store and Avamar Virtual Edition Multiple Security Bypass Vulnerabilities
Vuln: Multiple Huawei USG Products Buffer Overflow Vulnerability
Vuln: Huawei AR Routers Multiple Information Disclosure Vulnerabilities
Vuln: Google Chrome Prior to 53.0.2785.89 Multiple Security Vulnerabilities
CVE-2016-1433
Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers to cause a denial of service (OSPFv3 process reload) via crafted OSPFv3 packets, aka Bug ID CSCuz66289.
CVE-2016-4620
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.