492 matches found
Seagate Central Remote Root Security Bypass Vulnerability
Seagate Central by default has a passwordless root account and no option to change it.
Seagate Central Remote Root
#!/usr/bin/python seagateftpremoteroot.py Seagate Central Remote Root Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central by default has a passwordless root account and no option to change it. One way to exploit this is to log into its ftp server and upload a php shell to th...
Seagate Central Remote Root Exploit
Seagate Central by default has a passwordless root account and no option to change it. This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd. #!/usr/bin/python seagateftpremoteroot.py Seaga...
Seagate Central 2014.0410.0026-F - Remote Command Execution
#!/usr/bin/python seagateftpremoteroot.py Seagate Central Remote Root Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central by default has a passwordless root account and no option to change it. One way to exploit this...
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token
#!/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs: 1 Passwordless...
This MicroSD Card Has Entire Secure Computer Inside It
As Millions of Hackers, Spammers and Scammers are after your sensitive online data, you can't really expect your passwords to stay secure forever, even if you are using long passwords. Most of us might be worried about losing our passwords as we keep signing up for online services. However, Googl...
Ceragon FibeAir IP-10 SSH Private Key Exposure
Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user. This module requires Metasploit:...
Passwordless Login Plugin - Multiple Input XSS
The Passwordless Login WordPress plugin was affected by a Multiple Input XSS security vulnerability...
WordPress Passwordless Login Plugin - Multiple Input XSS
This plugin is prone to a cross site scripting vulnerability. Solution Update the plugin...
SA-CONTRIB-2014-103 - Passwordless - Cross Site Scripting (XSS)
This module replaces the regular Drupal login form with a modification of the password-request form, to give the possibility to log in without using a password. The module doesn't sufficiently sanitize user-generated text entered in the module's configuration form. This vulnerability is mitigated...
F5 BIG-IP SSH Private Key Exposure
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'net/ssh' cla...
Loadbalancer.org Enterprise VA SSH Private Key Exposure
Loadbalancer.org ships a public/private key pair on Enterprise virtual appliances version 7.5.2 that allows passwordless authentication to any other LB Enterprise box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. This module requires...
"Security vulnerability": without a password it is possible to turn off "Find My iPhone" - vulnerability warning - the black bar safety net
A major bug has been found in the current iOS 7.0.4 system: no password is needed to turn off the "Find My iPhone" function in iCloud and delete the existing account. With just a few simple steps it is possible to reproduce this bug; MacRumors attempts can be found in the 7.0.4 system of the iPhone and iPad to...
Fedora 19 : lynis-1.3.6-1.fc19 (2013-22768)
1.3.6 (2013-12-03) New: - Support for the dntpd time daemon - New Apache test for modules HTTP-6632 - Apache test for mod_evasive HTTP-6640 - Apache test for mod_qos HTTP-6641 - Apache test for mod_spamhaus HTTP-6642 - Apache test for ModSecurity HTTP-6643 - Check for installed package audit tool...
Passwordless login
Users are able to log themselves in with a blank password, even for users who are NOT currently in the users table (i.e. have never previously logged in)...
krb5: kadmind denial of service
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that...
virt-v2v: vnc password protection is missing after vm conversion
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password...
Gentoo Security Advisory GLSA 200804-24 (dbmail)
The remote host is missing updates announced in advisory GLSA 200804-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200804-24 (dbmail)
The remote host is missing updates announced in advisory GLSA 200804-24.
[ GLSA 200804-24 ] DBmail: Data disclosure
Gentoo Linux Security Advisory GLSA 200804-24 http://security.gentoo.org/ Severity:...