AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings....
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. Date published : 2016-09-18...
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. Date published : 2016-09-18 http://www.securityfocus.com/bid/92936...
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain...
Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. Date published : 2016-09-18 http://www.securityfocus.com/bid/92958 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ioxfd
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka...
The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka...
UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. Date published :...
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a...
Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application...
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. Date published : 2016-09-18 http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Date published : 2016-09-18 http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. Date...
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. Date published : 2016-09-18 http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html