|
255751
|
9.8 |
CRITICAL
Network
|
trendmicro
|
deep_discovery_director
|
Backup archives were found to be encrypted with a static password across different installations, which suggests the same password may be used in all virtual appliance instances of Trend Micro Deep Di…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11380
|
2024-11-21 12:07 |
2017-08-2 |
|
255752
|
7.5 |
HIGH
Network
|
trendmicro
|
deep_discovery_director
|
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-11379
|
2024-11-21 12:07 |
2017-08-2 |
|
255753
|
6.5 |
MEDIUM
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of mes…
|
NVD-CWE-noinfo
|
CVE-2017-11136
|
2024-11-21 12:07 |
2017-08-1 |
|
255754
|
7.5 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore…
|
CWE-862
Missing Authorization
|
CVE-2017-11135
|
2024-11-21 12:07 |
2017-08-1 |
|
255755
|
6.5 |
MEDIUM
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-11134
|
2024-11-21 12:07 |
2017-08-1 |
|
255756
|
7.5 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-rando…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-11133
|
2024-11-21 12:07 |
2017-08-1 |
|
255757
|
7.5 |
HIGH
Network
|
heinekingmedia
|
stashcat
|
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the applicati…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-11132
|
2024-11-21 12:07 |
2017-08-1 |
|
255758
|
5.9 |
MEDIUM
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SH…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2017-11131
|
2024-11-21 12:07 |
2017-08-1 |
|
255759
|
8.1 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-11130
|
2024-11-21 12:07 |
2017-08-1 |
|
255760
|
9.8 |
CRITICAL
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content o…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11129
|
2024-11-21 12:07 |
2017-08-1 |
|