CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.
Source: CVE-2016-6532
[월:] 2016년 09월
CVE-2016-6531 (opendental)
CVE-2016-6531 (opendental)
** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note … is factually false … there is indeed a default blank password, but it can be changed … We recommend that users change it, each customer receives direction."
Source: CVE-2016-6531 (opendental)
CVE-2016-6531
CVE-2016-6531
** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note … is factually false … there is indeed a default blank password, but it can be changed … We recommend that users change it, each customer receives direction."
Source: CVE-2016-6531
CVE-2016-5793
CVE-2016-5793
Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.
Source: CVE-2016-5793
CVE-2016-4845 (hvl-a2.0_firmware, hvl-a3.0_firmware, hvl-a4.0_firmware, hvl-at1.0s_firmware, hvl-at2.0_firmware, hvl-at2.0a_firmware, hvl-at3.0_firmware, hvl-at3.0a_firmware, hvl-at4.0_firmware, hvl-at4.0a_firmware)
CVE-2016-4845 (hvl-a2.0_firmware, hvl-a3.0_firmware, hvl-a4.0_firmware, hvl-at1.0s_firmware, hvl-at2.0_firmware, hvl-at2.0a_firmware, hvl-at3.0_firmware, hvl-at3.0a_firmware, hvl-at4.0_firmware, hvl-at4.0a_firmware)
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
CVE-2016-4845
CVE-2016-4845
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
Source: CVE-2016-4845
CVE-2016-0918
CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL.
Source: CVE-2016-0918
CVE-2016-6413
CVE-2016-6413
The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.
Source: CVE-2016-6413
CVE-2016-6412
CVE-2016-6412
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773.
Source: CVE-2016-6412
CVE-2016-6411
CVE-2016-6411
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.
Source: CVE-2016-6411