205 matches found
CVE-2017-6707
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...
Default credentials
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
CVE-2017-9137
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor
Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerability Types: =================== Hidden User Backdoor...
Trango Altum AC600 Default Root Login Vulnerability
Exploit for hardware platform in category web applications + Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/155395764003 Vendor: ================= https://www.trangosys.com/ Product: ====================== -Altum AC600 Vulnerability Details:...
Trango Altum AC600 Default Root Login
Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/155395764003 Vendor: ================= https://www.trangosys.com/ Product: ====================== -Altum AC600 Vulnerability Details: ===================== Trango Altum AC600a2s have a default root login...
Backdoor Vulnerability in Multiple Sony IPELA ENGINE IP Cameras
SNC-CH115, SNC-CH120 and SNC-CH160 are IP camera products from Sony. A backdoor vulnerability exists in multiple Sony IPELA ENGINE IP Cameras. A remote attacker can exploit the vulnerabilities to remotely manage the camera using Telnet/SSH services to gain root access to the Linux shell, affectin...
Sony IPELA ENGINE IP Cameras Backdoor Accounts Vulnerability
Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionalit...
Sony Closes Backdoors in IP-Enabled Cameras
Sony, in late November, provided a firmware update for a popular IP-enabled camera line used by enterprises and law enforcement alike that closed off remote administration backdoors. The backdoors could be abused to draft these devices into botnets or allow for manipulation of images and...
Sony IPELA ENGINE IP Cameras Backdoor Accounts
We have published an accompanying blog post to this technical advisory with further information: http://blog.sec-consult.com/2016/12/backdoor-in-sony-ipela-engine-ip-cameras.html SEC Consult Vulnerability Lab Security Advisory ======================================================================...
Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability
A vulnerability in the command-line interpreter of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an authenticated, local attacker to inject commands in the Linux shell. The commands could be executed with root-level privileges. The vulnerability is due to improper sanitizati...
Cisco Unified Communications Manager root Shell Access Local Privilege Escalation Vulnerability
A vulnerability in the local read file of the Cisco Unified Communications Manager could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user if the attacker has already obtained sensitive information from the system. The vulnerability ...
Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability
A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. A...
Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability
A vulnerability in the clear sshkey command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...
Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability
A vulnerability in the run-script command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. An...
Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability
A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...
OpenSC Version Detection
Detects the installed version of OpenSC on the host. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
F5 FirePass 4100 SSL VPN My.Activiation.PHP3远程命令注入漏洞
F5's FirePass SSL VPN提供使用标准WEB浏览器对应用程序和数据进行安全访问的解决方案。 F5 FirePass 4100不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'my.activation.php3'脚本对用户提交的'username'参数缺少过滤,在部分条件下允许用户注入Linux SHELL命令,导致以WEB权限执行。 F5 FirePass 4100 厂商解决方案 可参考如下安全公告获得补丁信息: https://tech.f5.com/home/solutions/sol167.html...
CVE-2006-1961
Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13, Hosting Solution Engine HSE and User Registration Tool URT before 20060419, and all versions of Ethernet Subscriber Solution Engine ESSE and CiscoWorks2000 Service Management Solution SMS allow local users to gain...
Command injection
Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13, Hosting Solution Engine HSE and User Registration Tool URT before 20060419, and all versions of Ethernet Subscriber Solution Engine ESSE and CiscoWorks2000 Service Management Solution SMS allow local users to gain...