Lucene search

784 matches found

Cvelist
added 2014/05/22 8:0 p.m. | 23 views

CVE-2014-2349 Emerson DeltaV Use of Improper Authorization

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program...

CVSS 6.2 | AI score 6.1 | EPSS 0.00655
Exploits: 0 | References: 1
NVD
added 2014/04/25 5:12 a.m. | 20 views

CVE-2014-0769

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 o...

CVSS 9.3 | AI score 6.9 | EPSS 0.02054
Exploits: 0 | References: 2
Prion
added 2014/04/25 5:12 a.m. | 16 views

Authentication flaw

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 o...

CVSS 9.3 | AI score 7.5 | EPSS 0.02054
Exploits: 0 | References: 1
Cvelist
added 2014/04/25 1:0 a.m. | 22 views

CVE-2014-0769 Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 o...

CVSS 9.3 | AI score 6.9 | EPSS 0.02054
Exploits: 0 | References: 1
CVE
added 2014/04/25 1:0 a.m. | 68 views

CVE-2014-0769

Vulnerability CVE-2014-0769 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is improper authentication (CWE-287): unauthenticated access to TCP ports 4000 (debug) and 4001 (log) allows remote attackers to modify configuration or delete log entries. Public advisor...

CVSS 9.3 | AI score 7.2 | EPSS 0.02054
Exploits: 0 | References: 2 | Affected Software: 2
Amazon
added 2014/03/24 12:0 a.m. | 32 views

Important: 389-ds-base

Issue Overview: It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager...

CVSS 6.5 | AI score 7 | EPSS 0.0219
Exploits: 2
Prion
added 2013/12/13 8:8 p.m. | 14 views

Authentication flaw

SAP Network Interface Router SAProuter 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors...

CVSS 5 | AI score 7.4 | EPSS 0.02593
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2013/12/13 7:0 p.m. | 48 views

CVE-2013-7093

CVE-2013-7093 affects SAP Network Interface Router (SAProuter) 39.3 SP4. The vulnerability allows remote attackers to bypass authentication and modify the SAProuter configuration via unspecified vectors. This is noted as a network-based issue with attack complexity low and no authentication requi...

CVSS 5 | AI score 7.2 | EPSS 0.02593
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2013/11/05 6:55 p.m. | 0 views

UBUNTU-CVE-2013-6172

steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...

CVSS 7.5 | AI score 7.6 | EPSS 0.02873
Exploits: 0 | References: 4
Tenable Nessus
added 2013/09/25 12:0 a.m. | 33 views

Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)

The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities: - Malformed HTTP or HTTPS authentication response Denial of Service (CVE-2009-1164) - SSH connections Denial of Service (CVE-2009-1165) - Crafted HTTP or HTTPS request Denial of Service...

CVSS 10 | AI score 5.6 | EPSS 0.02146
Exploits: 0 | References: 5
Prion
added 2013/08/08 2:55 p.m. | 17 views

Default credentials

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via...

CVSS 10 | AI score 7.5 | EPSS 0.02096
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2013/08/08 2:0 p.m. | 28 views

CVE-2013-3454

Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via...

AI score 7 | EPSS 0.02096
Exploits: 0 | References: 1
Tenable Nessus
added 2013/07/30 12:0 a.m. | 29 views

Cisco Wireless Control System SQL Injection (cisco-sa-20100811-wcs) (credentialed check)

According to its self-reported version, the version of Cisco Wireless Control System installed on the remote host is 6.0.x before 6.0.196.0. Such versions have a SQL injection vulnerability. A remote, authenticated attacker could exploit this to modify the configuration of WCS or any wireless...

CVSS 9 | AI score 6 | EPSS 0.01338
Exploits: 0 | References: 2
OpenVAS
added 2013/05/23 12:0 a.m. | 394 views

CAREL pCOWeb 'root' User Default Passwords (Telnet)

The remote CAREL pCOWeb based device is using a known default password for the administrative...

CVSS 10 | AI score 9.8 | EPSS 0.0182
Exploits: 1 | References: 3
Positive Technologies
added 2012/12/05 12:0 a.m. | 4 views

PT-2025-31984

Name of the Vulnerable Software and Affected Versions: Maxthon3 versions prior to 3.3. Description: Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) through the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers t...

CVSS 10 | AI score 6 | EPSS 0.00846
Exploits: 0 | References: 11
Prion
added 2012/03/15 6:55 p.m. | 14 views

Directory traversal

Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings...

CVSS 6.4 | AI score 7.1 | EPSS 0.0227
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2012/03/15 6:0 p.m. | 127 views

CVE-2012-0232

CVE-2012-0232 concerns GE Proficy Real-Time Information Portal. A directory traversal vulnerability exists in the Remote Interface Service (rifsrvd.exe) listening on TCP 5159, where two input strings used to create a configuration file are not sufficiently validated. Remote, unauthenticated attac...

CVSS 6.4 | AI score 6.7 | EPSS 0.0227
Exploits: 0 | References: 3 | Affected Software: 1
securityvulns
added 2012/03/09 12:0 a.m. | 52 views

[Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification

Onapsis Security Advisory: Oracle JD Edwards SawKernel SET_INI Configuration Modification. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...

CVSS 4 | AI score 0.1 | EPSS 0.00895
Exploits: 0
Prion
added 2012/03/01 1:55 a.m. | 19 views

Code injection

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709...

CVSS 9.3 | AI score 7.3 | EPSS 0.01783
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2012/03/01 1:0 a.m. | 30 views

CVE-2012-0371

Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709...

AI score 6.7 | EPSS 0.01783
Exploits: 0 | References: 2