784 matches found
Default credentials
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system...
Zend Platform 2.2.1 - PHP.INI File Modification
Source: https://www.securityfocus.com/bid/22802/info. The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'inimodifier' progra...
CVE-2006-5905
Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backupdb.php or (2) modify configuration via a direct request to admin/options.php...
CVE-2006-5905
Web Directory Pro is affected by CVE-2006-5905. The vulnerability allows remote attackers to perform two unauthorized actions via direct requests to admin/backup_db.php and admin/options.php: (1) backup the database and obtain the backup file, and (2) modify configuration. The CVSS metrics indica...
CVE-2002-2218
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value...
Linksys multiple remote vulnerabilities
The remote router is affected by multiple flaws. Description: The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privileges. - Download and...
CVE-2006-1002
NETGEAR WGT624 Wireless DSL router has a default account of superusername "Gearguy" and superpasswd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers...
CVE-2005-4082
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks...
CVE-2005-3723
Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service...
CVE-2005-3723
The Hitachi IP5000 VOIP/WiFi Phone (v1.5.6) is affected by CVE-2005-3723 due to a failure to disable access to SNMP and TCP port 3390. This allows remote attackers to misuse CVE-2005-3722 to modify system configuration via SNMP credentials or to access the Unidata Shell to obtain sensitive inform...
CVE-2005-3721
CVE-2005-3721 concerns the Hitachi IP5000 VOIP WIFI Phone (firmware 1.5.6) where the HTTP server’s default configuration does not require authentication for sensitive configuration pages. This allows remote attackers to modify device configuration without credentials. The available references con...
CVE-2004-2556
CVE-2004-2556 affects NetGear WG602 (WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67, which contain a hardcoded administrator account (username: super, password: 5777364). This flaw allows remote attackers to modify the device configuration. The issue is rooted in a hardcoded credential...
CVE-2005-2916
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi...
CVE-2005-2916
CVE-2005-2916 affects the Linksys WRT54G series (notably 3.01.03, 3.03.6, 4.00.7; possibly earlier than 4.20.7). The issue arises because the device does not verify user authentication until after an HTTP POST is processed, enabling remote attackers to either (1) modify configuration via restore....
iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability
Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability iDEFENSE Security Advisory 09.13.05 www.idefense.com/application/poi/display?id=306&type=vulnerabilities September 13, 2005 I. BACKGROUND The Linksys WRT54G is a combination wireless access point, switch and router...
FreeBSD : junkbuster -- heap corruption vulnerability and configuration modification vulnerability (97edf5ab-b319-11d9-837d-000e0c2e438a)
A Debian advisory reports: James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidentally overwriting a global variable. Tavis Ormandy from the Gentoo Security Team discovered several heap corruptions due to inconsistent use of an internal...
CVE-2002-1968
The CVE-2002-1968 entry describes a vulnerability in Com21 DOXport 1100 series cable modems (firmware 2.1.1.106 and possibly earlier than 2.1.1.108.003). The issue: a device may download a DOCSIS configuration file from a malicious TFTP server on the internal network, enabling local users to modi...
CVE-2002-1981
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) spMSSetServerProperties or (2) spMSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings...
CVE-2005-0232
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."...
CVE-2003-1121
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services...