3846 matches found
Carlo Gavazzi EOS Box Multiple Vulnerabilities
Overview This advisory provides mitigation details for multiple vulnerabilities that impact the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has identified two vulnerabilities in the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has produced a firmware...
Sinapsi Devices Vulnerabilities
Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...
Korenix Jetport 5600 Series Hard-coded Credentials
Overview This advisory provides mitigation details for a vulnerability that impacts the Korenix JetPort 5600. Independent researcher Reid Wightman of Digital Bond identified undocumented hard-coded root credentials in the firmware of the Korenix JetPort 5600 system application without coordinatio...
HP SAN/iQ < 9.5 Root Shell Command Injection
The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is...
Backdoor In Equipment Used For Traffic Control, Railways Called "Huge Risk"
UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical...
WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (HTTP)
WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (Telnet)
WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials
!/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials hard-coded in lcfd.exe 2 Stack-based...
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
Matta Consulting - Matta Advisory http://www.trustmatta.com Cisco Unified Videoconferencing multiple vulnerabilities Advisory ID: MATTA-2010-001 CVE reference: CVE-2010-3037 CVE-2010-3038 Affected platforms: Cisco Unified Videoconferencing 3515,3522,3527,5230,3545, 5110,5115 Systems and unspecifi...
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml Revision 1.0 For Public Release 2010 November 17 1600 UTC GMT...
SCADA Vendors Still Need Security Wake Up Call
Companies that make supervisory control and data acquisition SCADA and industrial control software are still dangerously lax when it comes to application security and vulnerable to attack, according to a researcher from security firm Tenable Inc. who warned that the use of coded administrative...
CVE-2010-2073
authdbconfig.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the 1 test, 2 user, and 3 roxon accounts, which allows remote attackers to read arbitrary files from the FTP server...
CVE-2010-2073
authdbconfig.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the 1 test, 2 user, and 3 roxon accounts, which allows remote attackers to read arbitrary files from the FTP server...
CVE-2010-2073
CVE-2010-2073 affects Pyftpd 0.8.4, where auth_db_config.py contains hard-coded usernames and passwords (test, user, roxon). This enables remote attackers to read arbitrary files from the FTP server due to hard-coded credentials. The issue is documented across multiple sources (NVD entry for CVE-...
CVE-2010-2073
Removed by vendor...
PT-2010-3684 · Pyftpd · Pyftpd
Name of the Vulnerable Software and Affected Versions: Pyftpd version 0.8.4 Description: The issue concerns hard-coded usernames and passwords in the auth db config.py file for the test, user, and roxon accounts. This allows remote attackers to read arbitrary files from the FTP server...
CVE-2010-1573
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...
PT-2010-3244 · Linksys · Linksys Wap54Gv3
Name of the Vulnerable Software and Affected Versions: Linksys WAP54Gv3 firmware versions 3.04.03 and earlier Description: The issue allows remote attackers to execute arbitrary commands due to the use of hard-coded credentials for a debug interface on certain web pages. Specifically, the...
IBM Cognos Express Server Backdoor Account Remote Code Execution
Added: 05/25/2010 CVE: CVE-2010-0557 BID: 38084 OSVDB: 62118 Background IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...
IBM Cognos Express Server Backdoor Account Remote Code Execution
Added: 05/25/2010 CVE: CVE-2010-0557 BID: 38084 OSVDB: 62118 Background IBM Cognos Express is an integrated business intelligence BI and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...