3 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device. Se descubrió un problema en los dispositivos Tata Sonata Smart SF Rush versión 1.12. • https://github.com/the-girl-who-lived/CVE-2020-11539 https://medium.com/%40sayliambure/hacking-a-5-smartband-824763ab6e8f • CWE-306: Missing Authentication for Critical Function CWE-319: Cleartext Transmission of Sensitive Information CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php. Múltiples vulnerabilidades de XSS en el plugin Titan Framework en versiones anteriores a 1.6 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) t en iframe-googlefont-preview.php o (2) text en iframe-font-preview.php. • https://research.g0blin.co.uk/cve-2014-6444 https://wpvulndb.com/vulnerabilities/8233 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. Múltiples desbordamientos de búfer basados en la memoria libre para la reserva dinámica (heap) en el (1) servicio FTP y (2) servicio de administración de Titan FTP Server 6.0.5.549. Permiten a atacantes remotos provocar una denegación de servicio (cuelgue del demonio) y posiblemente ejecutar código de su elección a través de un comando largo. NOTA: los comandos USUARIO y CONTRASEÑA para el servicio FTP están cubiertos por CVE-2008-0702. • http://secunia.com/advisories/28760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •