7654 matches found
Hardcoded credentials
The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
IBM Tivoli Endpoint Manager - POST Query Buffer Overflow (Metasploit)
$Id: ibmtivoliendpointbof.rb 12925 2011-06-12 00:04:55Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
This module exploits a stack based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handles long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service lcfd.exe listening on TCP port 9495. To trigge...
Nmap NSE net: smtp-open-relay
Attempts to relay mail by issuing a predefined combination of SMTP commands. The goal of this script is to tell if a SMTP server is vulnerable to mail relaying. An SMTP server that works as an open relay, is a email server that does not verify if the user is authorised to send email from the...
perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting
CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...
perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting
The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...
CVE-2011-0756
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...
Hardcoded credentials
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...
CVE-2011-0756
Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials in the application server, allowing remote attackers to connect via the management port through the remote console GUI and read security-event data. The linked Red Hat advisory confirms the same issue as CVE-2011-0756, a...
CVE-2011-0756
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...
Hardcoded credentials
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System OTRS before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain 1 list and 2...
Hardcoded credentials
Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."...
Hardcoded credentials
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document...
Hardcoded credentials
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution
== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...
Hardcoded Password, Other Critical Bugs Found in Cisco UVC Software
There is a series of vulnerabilities in Cisco’s Unified Videoconferencing product, including a hardcoded password for several powerful accounts that can’t be changed or deleted. That bug and others disclosed Wednesday can be used to gain complete control of the device and possibly compromise othe...
Cisco Unified Videoconferencing multiple security vulnerabilities
Hardcoded user accounts, command execution, unauthorized access, password storing in reversible encryption, weak permissions, session hijacking, information leaks...
Google Android 2.0 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222TCP)
Google Android 2.0 2.1 - Code Execution Reverse Shell 10.0.2.2:2222TCP // bug = webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 // listed as a safari bug but also works on android : //tested = moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 - 2.1...
Hardcoded credentials
Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...
Hardcoded credentials
Opera before 10.63 allows remote attackers to cause a denial of service application crash via a Flash movie with a transparent Window Mode aka wmode property, which is not properly handled during navigation away from the containing HTML document...