GSX Analyzer 10.12 / 11 - main.swf Hardcoded Superadmin Credentials

Exploit for windows platform in category web applications Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor Homepag...

Hardcoded credentials

Fonality previously trixbox Pro 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a 1 FTP or 2 SSH connection...

Hardcoded credentials

The Chrome HUDweb plugin before 2016-05-05 for Fonality previously trixbox Pro 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

Hardcoded credentials

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

WooCommerce plugin for WordPress: source code security analysis report

Several vulnerabilities were discovered in WooThemes 'WooCommerce plugin for WordPress' software: File System Path Manipulation Using Global Variables Incorrect Newline Symbol Filtration in HTTP-response Headers Hardcoded Credentials...

CVE-2016-4328

MEDHOST Perioperative Information Management System aka PIMS or VPIMS before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server...

Hardcoded credentials

MEDHOST Perioperative Information Management System aka PIMS or VPIMS before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server...

CVE-2016-4328

MEDHOST Perioperative Information Management System aka PIMS or VPIMS before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server...

CVE-2016-4328

CVE-2016-4328 affects MEDHOST PIMS (and related MEDHOST components) before 2015R1, where hard-coded credentials grant direct access to the customer database via the application server. Affected components include PIMS/VPIMS, with the CVSS indicating Critical impact (C/H, I/H, A/H) and NETWORK acc...

CVE-2016-2310

General Electric GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface...

Hardcoded credentials

General Electric GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface...

CVE-2016-2310

General Electric GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface...

CVE-2016-2310

General Electric GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface...

CVE-2016-2310

The CVE-2016-2310 issue affects GE Multilink switches (ML800, ML1200, ML1600, ML2400) with firmware before 5.5.0 and (ML810, ML3000, ML3100) with firmware before 5.5.0k. The underlying root cause is hardcoded credentials that allow remote attackers to modify configuration settings via the web int...

CVE-2016-4521

Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors...

CVE-2016-4521

Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors...

Hardcoded credentials

Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors...

CVE-2016-4521

Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors...

CVE-2016-4521

Sixnet BT-5xxx and BT-6xxx M2M devices are affected by a hardcoded credentials vulnerability (CVE-2016-4521) in firmware before 3.8.21 and 3.9.x before 3.9.8. The issue allows remote attackers to obtain access via unspecified vectors. Affected models include BT-5xxx/BT-6xxx series; remediation is...

ManageEngine Firewall Analyzer runQuery guest user SQL Injection

An SQL injection vulnerability exists in ManageEngine Firewall Analyzer. This vulnerability is due to the use of hardcoded credentials and insufficient validation of request parameters in HTTP requests to the runQuery servlet. By sending crafted requests to an affected server, a remote attacker c...