Cisco SD-WAN Solution vContainer Access Control Error Vulnerability
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. vContainer is one of the container components. An Access Control Error vulnerability exists in Cisco SD-WAN Solution vContainer, which stems from an insecure default configuration. An attacker could exploit the vulnerabilit...
Insecure Default Configuration
tripleoheattemplates is vulnerable to insecure default configuration. The vulnerability exists due to the default configuration set for the OpenDayLight ODL admin users' credentials, allowing malicious users to gain unauthorized access...
The vulnerability of the Cisco Digital Network Architecture (DNA) Center’s network management system is related to the insecure default configuration settings. This allows attackers to bypass authentication procedures, gain access to system files, and modify them.
The vulnerability of the Cisco Digital Network Architecture (DNA) Center network management system arises from insecure default configuration settings. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures, gain access to system files, and modify them...
Double free
In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...
CVE-2018-12441
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARYPATHNAME, leading to complete control of the affected system. The issue exists due ...
CVE-2018-12441
The CorsairService in Corsair Utility Engine has insecure default permissions: the Everyone group is granted SERVICE_ALL_ACCESS, enabling unprivileged local users to modify CorsairService BINARY_PATH_NAME and execute arbitrary commands, resulting in complete control of the system. Connected docum...
Cisco Digital Network Architecture Center Certification Bypass Vulnerability
Cisco Digital Network Architecture Center (DNA Center) is a set of digital network architecture solutions from the U.S. company Cisco. The program can extend and protect devices, applications, etc. within the network. An authentication bypass vulnerability exists in Cisco DNA Center version...
CVE-2018-16959
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI ...
Oracle WebCenter Interaction Portal Information Disclosure Vulnerability
Oracle WebCenter Interaction is Oracle's suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications. Oracle WebCenter Interaction Portal is one of the management interfaces. An information disclosure vulnerability exists in Oracle WebCenter...
CVE-2018-7533
An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system...
Default credentials
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service application hang via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the...
Telnet IoT Honeypot - Python Telnet Honeypot For Catching Botnet Binaries
This project implements a python telnet server trying to act as a honeypot for IoT Malware which spreads over horribly insecure default passwords on telnet servers on the internet. Other than https://github.com/stamparm/hontel or https://github.com/micheloosterhof/cowrie examples, which provides...
CVE-2015-9245
Progress Software OpenEdge 10.2x and 11.x are affected by CVE-2015-9245 due to an insecure default configuration. The vulnerability allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes through port 20931. This is rooted in the def...
Insecure Defaults
cordova-plugin-file-transfer has insecure default. The default value for trustAllHosts is true for iOS applications. By using this flaw, attackers can easily spoof SSL servers and have them be trusted by the application...
The vulnerability of the Android operating system from the CAF repository exists due to insufficiently robust data encryption. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Android operating system from the CAF repository is related to insufficiently robust data encryption. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information, as insecure algorithms we...
Cisco Ultra Services Framework Element Manager Insecure Default Password Vulnerability
Cisco Ultra Services Framework is an intelligent online services payment platform from Cisco, Inc. Element Manager is one of the software used to manage server switches. A security vulnerability exists in Cisco Ultra Services Framework Element Manager. A remote attacker could exploit the...
CVE-2017-6692
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases:...
CVE-2017-6684
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0...
CVE-2017-6686
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known...