CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2016/05/14 4:0 p.m.•24 views

CVE-2016-4325

Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors...

9.4AI score0.02465EPSS

appercut•added 2016/05/13 12:0 a.m.•531 views

Allfresco Community Edition: source code security analysis report

Several vulnerabilities were discovered in Alfresco Software 'Allfresco Community Edition' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Использование метода finalize Отсутствие верификации цифровой подписи исполняемых...

0.6AI score

Prion•added 2016/05/09 10:59 a.m.•19 views

Hardcoded credentials

The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service reboot via a crafted file, aka internal bug 26221024...

7.1CVSS7.1AI score0.00455EPSS

appercut•added 2016/05/04 12:0 a.m.•563 views

Drupal CMS: source code security analysis report

Several vulnerabilities were discovered in Drupal Association 'Drupal CMS' software: Incorrect User Input Filtration when Generating Code on the Fly Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Hardcoded Credentials Using Insufficiently Random...

2.3AI score

appercut•added 2016/05/01 12:0 a.m.•558 views

Apache Camel: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources Violating the Java Object Model Using...

0.5AI score

Prion•added 2016/04/25 6:59 p.m.•18 views

Hardcoded credentials

SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another...

5CVSS7.2AI score0.00761EPSS

ThreatPost•added 2016/04/07 11:11 a.m.•10 views

ExaGrid Private SSH Key Removed

ExaGrid has removed a private SSH key and weak, hardcoded credentials shipping with all of its disk-based storage appliances. Updated firmware has been available since March 24 and storage and security managers are urged to update devices to version 4.8 P26. Researcher James Lee of Rapid7 private...

Metasploit•added 2016/04/07 9:17 a.m.•74 views

ExaGrid Known SSH Key and Default Password

ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the...

9.8CVSS8.4AI score0.74261EPSS

Exploits5

0day.today•added 2016/04/07 12:0 a.m.•33 views

PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities

Exploit for php platform in category web applications Overview ======== Technical Risk: high Likelihood of Exploitation: medium Credits: Discovered and researched by Orwelllabs CVE-Number: N/A DWF: Submited Adivisory URL: http://www.orwelllabs.com/2016/02/planet-ip-surveillance-camera-local.html ...

7.1AI score

Exploit DB•added 2016/04/07 12:0 a.m.•45 views

PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-06 www.orwelllabs.com Twitter:@orwelllabs mantra: ...not affect a product that is in scope for... AhHum! Overview ======== Technical Risk: high Likelihood of...

7.4AI score

Exploit DB•added 2016/04/07 12:0 a.m.•45 views

ExaGrid - Known SSH Key and Default Password (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class MetasploitModule 'ExaGrid Known SSH Key and Default Password', 'Description' = %q ExaGrid ships a public/private key pair on...

7.4AI score

exploitpack•added 2016/04/07 12:0 a.m.•31 views

PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities

PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-06 www.orwelllabs.com Twitter:@orwelllabs mantra: ...not affect a product that is in...

0.6AI score

NVD•added 2016/04/06 11:59 p.m.•15 views

CVE-2015-7921

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials...

9.1CVSS9.4AI score0.0197EPSS

ATTACKERKB•added 2016/04/06 11:59 p.m.•2 views

CVE-2015-7921

9.1CVSS5.6AI score0.0197EPSS

Exploits0References2

Prion•added 2016/04/06 11:59 p.m.•12 views

Hardcoded credentials

6.4CVSS7.5AI score0.0197EPSS

Exploits0References1Affected Software4

CVE•added 2016/04/06 11:0 p.m.•60 views

CVE-2015-7921

The CVE describes hard-coded credentials in the FTP server of Pro-face GP-Pro EX (affected models EX-ED, PFXEXEDV, PFXEXEDLS, PFXEXGRPLS) prior to version 4.05.000, enabling remote authentication bypass. Root cause: hard-coded credentials in the FTP service. Impact: unauthorized access to device ...

9.1CVSS9.3AI score0.0197EPSS

Exploits0References1Affected Software4

Cvelist•added 2016/04/06 11:0 p.m.•26 views

CVE-2015-7921

9.5AI score0.0197EPSS