566 matches found
Insecure Defaults
Glassfish is found to be using insecure defaults. Glassfish supports SSLv3 by default; SSLv3 has been proven to be insecure and was officially deprecated by the IETF in June 2015...
Schneider Electric Wonderware Historian Unauthorized Access Vulnerability
Schneider Electric Wonderware Historian is industrial data management software from the French company Schneider Electric that combines a high-speed data acquisition and storage system with a traditional relational database management system. An unauthorized access vulnerabilit...
WampServer 3.0.6 - Insecure File Permissions Vulnerability
WampServer (formerly WAMP5) is a WAMP-type web development platform for running PHP scripts locally without connecting to an external server. WampServer is not in itself a piece of software but an environment with two servers (Apache and MySQL), a script interpreter (PHP) and phpMyAdmin for administration. We...
Synology NAS servers contain insecure default credentials
Overview: Synology NAS servers DS107, DS116, and DS213 use default credentials. Description: CWE-255: Credentials Management - CVE-2016-6554. Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials o...
Pivotal Cloud Foundry Ops Manager Insecure Default Password Vulnerability
Pivotal Cloud Foundry (PCF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software, Inc. that provides container scheduling, continuous delivery, automated service deployment, etc. PCF Ops Manager is one of the management tools used for deployment, online...
PQI Air Pen Express Wireless Router Multiple Vulnerabilities
This host has PQI Air Pen Express Wireless Router and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
PQI Air Pen Express 6W51-0000R2 / 6W51-0000R2XXX - Multiple Vulnerabilities
Security Advisory 2016-04-03 www.orwelllabs.com Twitter:@orwelllabs magicword: d0ubl3th1nk1ng... Overview...
PQI Air Pen Express 6W51-0000R2 / 6W51-0000R2XXX - Multiple Vulnerabilities
Exploit for hardware platform in category web applications. Overview: Technical Risk: high; Likelihood of Exploitation: medium; Vendor: PQI Group; Affected Products: PQI Air Pen Express - Wireless Router 6W51-0000R2 and 6W51-0000R2XXX; Credits: Discovered and researched by Orwelllabs; Advisory...
Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability (cisco-sa-20160302-n3k)
A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. Copyright (C) 2016 Greenbone Networks GmbH...
FreeBSD Configuration Information Disclosure Vulnerability
FreeBSD is a Unix-like operating system. FreeBSD suffers from a configuration information disclosure vulnerability that allows an attacker to access the daemon configuration file /etc/bsnmpd.conf due to the presence of an insecure default configuration in FreeBSD...
Master User, versions before 2.1.4
Versions before 2.1.4 suffered from an issue with insecure default settings. The issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway. Resolution: Update to version 2.1.4. Update notice URL:...
CVE-2012-6660
GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent ...
CVE-2014-7232
GE Healthcare Discovery XR656 and XR656 Plus devices are affected by a vulnerability due to default or hard-coded credentials (insite user: 2getin; xruser: 4$xray; root: #superxr). The ICS-CERT advisory enumerates affected products and states that successful exploitation could bypass authenticati...
Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14486/info Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible to multiple local vulnerabilities. The first issue is an insecure default permission vulnerability. Attackers may exploit this vulnerabilit...
Linux-HA Heartbeat 1.2.3/2.0.x Insecure Default Permissions on Shared Memory Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19186/info Since Linux-HA Heartbeat has insecure default permissions set on shared memory, local attackers may be able to cause a denial of service. Exploitation would most likely result in a system crash, loss of data, a...
Sun J2EE/RI 1.4, Sun JDK 1.4.2 JDBC Database Insecure Default Policy Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9444/info It has been reported that multiple JDBC database implementations include insecure default security policies. This could expose vulnerable databases to denial of service attacks. This could also permit remote...
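Apache Cordova File Transfer Insecure Default Value Vulnerability
BUGTRAQ ID: 65967 CVE(CAN) ID: CVE-2014-0072 Cordova InAppBrowser is the in-app web browser displayed when you call window.open. In the Cordova File-Transfer iOS plugin in Cordova versions 2.6.0-2.9.0 and the standalone Cordova File-Transfer iOS plugin org.apache.cordova.file-transfer versions 0.1.0 - 0.4.1, the default value of trustAllHosts is set to true on iOS, which is a remote security vulnerability in the implementation; details are currently unknown. 0 Apache Group Cordo...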
[SECURITY] [DSA 2452-1] apache2 security update
Debian Security Advisory DSA-2452-1 [email protected] http://www.debian.org/security/ Stefan Fritsch April 15, 2012 http://www.debian.org/security/faq -...
Java RMI Server Insecure Default Configuration Java Code Execution
Exploit for multiple platform in category remote exploits $Id: javarmiserver.rb 13186 2011-07-15 20:44:08Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...