Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27905 of 28129

CVE-2016-1560

Posted by Cyberthreat Blog | Apr 21, 2017 | CVE Notifications |

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain...

CVE-2016-3109

Posted by Cyberthreat Blog | Apr 21, 2017 | CVE Notifications |

The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.

CVE-2016-3702

Posted by Cyberthreat Blog | Apr 21, 2017 | CVE Notifications |

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.

CVE-2016-1518

Posted by Cyberthreat Blog | Apr 21, 2017 | CVE Notifications |

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device...

CVE-2016-1187

Posted by Cyberthreat Blog | Apr 21, 2017 | CVE Notifications |

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

Author: Cyberthreat Blog

CVE-2016-1560

CVE-2016-3109

CVE-2016-3702

CVE-2016-1518

CVE-2016-1187