774 matches found

Prion
added 2013/08/08 2:55 p.m. | 15 views

Default credentials

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via...

CVSS 10 | AI score 7.5 | EPSS 0.00861
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2013/08/08 2:0 p.m. | 20 views

CVE-2013-3454

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via...

AI score 7 | EPSS 0.00861
Exploits 0 | References 1

Tenable Nessus
added 2013/07/30 12:0 a.m. | 29 views

Cisco Wireless Control System SQL Injection (cisco-sa-20100811-wcs) (credentialed check)

According to its self-reported version, the version of Cisco Wireless Control System installed on the remote host is 6.0.x before 6.0.196.0. Such versions have a SQL injection vulnerability. A remote, authenticated attacker could exploit this to modify the configuration of WCS or any wireless...

CVSS 9 | AI score 6 | EPSS 0.00334
Exploits 0 | References 2

OpenVAS
added 2013/05/23 12:0 a.m. | 394 views

CAREL pCOWeb 'root' User Default Passwords (Telnet)

The remote CAREL pCOWeb based device is using a known default password for the administrative...

CVSS 10 | AI score 9.8 | EPSS 0.00184
Exploits 1 | References 3

Positive Technologies
added 2012/12/05 12:0 a.m. | 4 views

PT-2025-31984

Name of the Vulnerable Software and Affected Versions: Maxthon3 versions prior to 3.3. Description: Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) through the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers t...

CVSS 10 | AI score 6 | EPSS 0.67787
Exploits 0 | References 11

Prion
added 2012/03/15 6:55 p.m. | 13 views

Directory traversal

Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings...

CVSS 6.4 | AI score 7.1 | EPSS 0.00442
Exploits 0 | References 3 | Affected Software 1

CVE
added 2012/03/15 6:0 p.m. | 124 views

CVE-2012-0232

CVE-2012-0232 concerns GE Proficy Real-Time Information Portal. A directory traversal vulnerability exists in the Remote Interface Service (rifsrvd.exe) listening on TCP 5159, where two input strings used to create a configuration file are not sufficiently validated. Remote, unauthenticated attac...

CVSS 6.4 | AI score 6.7 | EPSS 0.00442
Exploits 0 | References 3 | Affected Software 1

securityvulns
added 2012/03/09 12:0 a.m. | 47 views

[Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification

Onapsis Security Advisory: Oracle JD Edwards SawKernel SET_INI Configuration Modification. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...

CVSS 4 | AI score 0.1 | EPSS 0.0015
Exploits 0

Prion
added 2012/03/01 1:55 a.m. | 17 views

Code injection

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709...

CVSS 9.3 | AI score 7.3 | EPSS 0.00499
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2012/03/01 1:0 a.m. | 24 views

CVE-2012-0371

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709...

AI score 6.7 | EPSS 0.00499
Exploits 0 | References 2

CVE
added 2012/01/19 3:0 p.m. | 41 views

CVE-2011-4659

Cisco TelePresence TE Software on Cisco IP Video Phone E20 (upgraded to TE 4.1.0) may introduce an unsecured default root account, enabling an unauthenticated, remote attacker to log in via SSH and modify device configuration. The vulnerability arises from an incomplete disabling of the root acco...

CVSS 10 | AI score 6.8 | EPSS 0.00887
Exploits 0 | References 1 | Affected Software 2

Prion
added 2011/08/29 8:55 p.m. | 8 views

Default credentials

Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182...

CVSS 10 | AI score 7 | EPSS 0.01169
Exploits 0 | References 4 | Affected Software 1

myhack58
added 2011/05/28 12:0 a.m. | 23 views

NucleusCMS Change Management Configuration CSRF vulnerability

Vulnerability description: NucleusCMS Change Management Configuration CSRF vulnerability. Nucleus is a tool for managing one or more blogs. It is developed in PHP4 and requires MySQL database support. Nucleus supports multiple authors and supports previewing before submitting, th...

AI score 0.2
Exploits 0

Cvelist
added 2010/09/10 5:0 p.m. | 24 views

CVE-2010-2843

Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and...

AI score 6.2 | EPSS 0.00153
Exploits 0 | References 2

CVE
added 2010/09/10 5:0 p.m. | 48 views

CVE-2010-2843

Cisco Wireless LAN Controller (WLC) software is listed as affected (likely versions 4.2 through 6.0). The CVE describes a vulnerability where remote authenticated users can bypass access restrictions and modify configuration, and potentially obtain administrative privileges, via unspecified vecto...

CVSS 9 | AI score 6.4 | EPSS 0.00153
Exploits 0 | References 2 | Affected Software 1

myhack58
added 2010/07/22 12:0 a.m. | 21 views

Max CMS 2.0 beta (maxcms) SQL injection and administrator authentication bypass vulnerability

This system was internally a very popular video-on-demand system. Versions before 1.5 had very many vulnerabilities; version 2.0 has improved in terms of security, but loopholes still exist. Look at the code in \inc\ajax.asp: dim action : action = getForm("action", "get") response.Charset="gbk"...

AI score 7.7
Exploits 0

securityvulns
added 2010/06/29 12:0 a.m. | 43 views

IS-2010-005 - D-Link DAP-1160 Authentication Bypass

Security Advisory IS-2010-005 - D-Link DAP-1160 Authentication Bypass. Advisory Information: Published: 2010-06-29; Updated: 2010-06-29; Manufacturer: D-Link; Model: DAP-1160; Firmware version: 1.20b06 1.30b10 1.31b01. Vulnerability Details: Public References: N...

AI score 1.6
Exploits 0

securityvulns
added 2010/06/15 12:0 a.m. | 1124 views

IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell. Advisory Information: Published: 2010-06-08; Updated: 2010-06-08; Manufacturer: Linksys; Model: WAP54G; Hardware version: v3.x; Firmware version: ver.3.05.03 Europe ver.3.04.03. Vulnerability Details...

AI score 0.9
Exploits 0

Prion
added 2010/05/28 8:30 p.m. | 13 views

Deserialization of untrusted data

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do...

CVSS 6.5 | AI score 7 | EPSS 0.00541
Exploits 1 | References 5 | Affected Software 2

Cvelist
added 2010/05/28 8:0 p.m. | 16 views

CVE-2010-2116

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do...

AI score 6.5 | EPSS 0.00541
Exploits 1 | References 5