Lucene search
K

7654 matches found

Prion
Prion
added 2011/06/29 5:55 p.m.24 views

Hardcoded credentials

The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

6.8CVSS7.5AI score0.01193EPSS
Exploits0References5Affected Software1
Exploit DB
Exploit DB
added 2011/06/12 12:0 a.m.47 views

IBM Tivoli Endpoint Manager - POST Query Buffer Overflow (Metasploit)

$Id: ibmtivoliendpointbof.rb 12925 2011-06-12 00:04:55Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

9CVSS7AI score0.62663EPSS
Exploits4
Metasploit
Metasploit
added 2011/06/11 11:48 p.m.53 views

IBM Tivoli Endpoint Manager POST Query Buffer Overflow

This module exploits a stack based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handles long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service lcfd.exe listening on TCP port 9495. To trigge...

9CVSS7.6AI score0.62663EPSS
Exploits4
OpenVAS
OpenVAS
added 2011/06/01 12:0 a.m.24 views

Nmap NSE net: smtp-open-relay

Attempts to relay mail by issuing a predefined combination of SMTP commands. The goal of this script is to tell if a SMTP server is vulnerable to mail relaying. An SMTP server that works as an open relay, is a email server that does not verify if the user is authorised to send email from the...

0.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2011/05/19 11:16 a.m.7 views

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

4.3CVSS7.5AI score0.02045EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/05/19 11:16 a.m.5 views

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...

4.3CVSS7.5AI score0.02713EPSS
Exploits0References4
NVD
NVD
added 2011/05/05 2:39 a.m.35 views

CVE-2011-0756

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

5CVSS6.4AI score0.01064EPSS
Exploits1References2
Prion
Prion
added 2011/05/05 2:39 a.m.19 views

Hardcoded credentials

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

5CVSS6.8AI score0.01064EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2011/05/05 1:0 a.m.48 views

CVE-2011-0756

Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials in the application server, allowing remote attackers to connect via the management port through the remote console GUI and read security-event data. The linked Red Hat advisory confirms the same issue as CVE-2011-0756, a...

5CVSS6.6AI score0.01064EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2011/05/05 1:0 a.m.37 views

CVE-2011-0756

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

6.4AI score0.01064EPSS
Exploits1References2
Prion
Prion
added 2011/03/18 4:55 p.m.17 views

Hardcoded credentials

Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System OTRS before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain 1 list and 2...

4.6CVSS6.7AI score0.00837EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2011/03/01 11:0 p.m.21 views

Hardcoded credentials

Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."...

7.5CVSS7.7AI score0.01977EPSS
Exploits2References11Affected Software4
Prion
Prion
added 2011/01/14 5:0 p.m.22 views

Hardcoded credentials

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document...

4.3CVSS7.5AI score0.0188EPSS
Exploits0References10Affected Software3
Prion
Prion
added 2011/01/10 8:0 p.m.16 views

Hardcoded credentials

Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

4.3CVSS6.9AI score0.01381EPSS
Exploits0References5Affected Software1
Exploit DB
Exploit DB
added 2010/12/02 12:0 a.m.57 views

ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution

== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2010/11/18 3:31 p.m.10 views

Hardcoded Password, Other Critical Bugs Found in Cisco UVC Software

There is a series of vulnerabilities in Cisco’s Unified Videoconferencing product, including a hardcoded password for several powerful accounts that can’t be changed or deleted. That bug and others disclosed Wednesday can be used to gain complete control of the device and possibly compromise othe...

0.4AI score
Exploits0References3
securityvulns
securityvulns
added 2010/11/18 12:0 a.m.32 views

Cisco Unified Videoconferencing multiple security vulnerabilities

Hardcoded user accounts, command execution, unauthorized access, password storing in reversible encryption, weak permissions, session hijacking, information leaks...

10CVSS3.6AI score0.03372EPSS
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2010/11/05 12:0 a.m.93 views

Google Android 2.0 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222TCP)

Google Android 2.0 2.1 - Code Execution Reverse Shell 10.0.2.2:2222TCP // bug = webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 // listed as a safari bug but also works on android : //tested = moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 - 2.1...

9.3CVSS0.8AI score0.61319EPSS
Exploits13
Prion
Prion
added 2010/10/21 7:0 p.m.22 views

Hardcoded credentials

Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

9.3CVSS7.5AI score0.02133EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2010/10/21 7:0 p.m.14 views

Hardcoded credentials

Opera before 10.63 allows remote attackers to cause a denial of service application crash via a Flash movie with a transparent Window Mode aka wmode property, which is not properly handled during navigation away from the containing HTML document...

4.3CVSS6.9AI score0.01888EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder