Category: Vulnerabilities
Lenovo has patched two serious vulnerabilities that hackers could abuse in targeted attacks, or at scale, to easily guess administrator passwords on a compromised device, or elevate privileges to the Windows SYSTEM user. The vulnerabilities were patched last Thursday by the manufacturer and details were disclosed Tuesday by researchers at IOActive, who privately reported the flaws...
A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed 10 days ago. Researcher Randy Westergren found and reported an issue in United’s mobile app in May, shortly after the airline announced its bug bounty program, the...
eDellroot is not the only self-signed trusted root certificate on Dell computers. Researchers at Duo Security found two more on a Dell Inspiron 14-inch laptop purchased by Darren Kemp, one of its researchers who is based in Calgary, Canada, including one cert related to eDellroot that also ships with a corresponding private key, and a...
Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor. Brazilian researcher Bernardo Rodrigues stumbled upon the issues several months ago while researching cable modem security for a conference and disclosed them...
29 July 2015 - 13:18, in Vulnerabilities
It’s recently been discovered that the PHP File Manager user database in the file ‘/db/valid.users’ is completely unprotected and can be freely downloaded via any web browser. Password hashes stored in the user database are unsalted and are generated via the deprecated MD5 hash algorithm. Most of these hashes can be instantly reverted back to their original...
29 July 2015 - 12:39, in Vulnerabilities
Zimperium zLabs has discovered a flaw in the Android operating system that allows the device to be compromised simply by sending it malware-infected media via MMS. Users don’t necessarily need to open the message for the code to run either, which is one of the worst parts of this vulnerability. The researchers also say...