CVE-2015-9254
Datto ALTO and SIRIS devices have a default VNC password.
Source: CVE-2015-9254
[월:] 2018년 02월
CVE-2017-16835
CVE-2017-16835
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup ‘-f smart.calculator.gallerylock’" command.
Source: CVE-2017-16835
CVE-2015-9256
CVE-2015-9256
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
Source: CVE-2015-9256
CVE-2017-18192
CVE-2017-18192
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.
Source: CVE-2017-18192
CVE-2015-2081
CVE-2015-2081
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
Source: CVE-2015-2081
CVE-2015-9255
CVE-2015-9255
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.
Source: CVE-2015-9255
CVE-2018-7259
CVE-2018-7259
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user’s Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.
Source: CVE-2018-7259
CVE-2018-7253
CVE-2018-7253
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
Source: CVE-2018-7253
CVE-2018-7254
CVE-2018-7254
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
Source: CVE-2018-7254
CVE-2018-7251
CVE-2018-7251
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
Source: CVE-2018-7251