Lucene search
+L

100 matches found

kitploit
kitploit
added 2019/05/10 9:30 p.m.277 views

iCULeak - Tool To Find And Extract Credentials From Phone Configuration Files Hosted On Cisco CUCM

Tool to find and extract credentials from phone configuration files in environments managed by Cisco's CUCM Call Manager. When using Cisco's CUCM Call Manager, phone configuration files are stored on a TFTP server. These phone configuration files quite frequently contain sensitive data, including...

7.3AI score
Exploits0References2
osv
osv
added 2019/03/05 9:29 p.m.4 views

CVE-2019-3918

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces...

9.8CVSS7.3AI score0.01979EPSS
Exploits1References1
prion
prion
added 2018/10/30 6:29 p.m.21 views

Hardcoded credentials

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...

8.3CVSS8.8AI score0.02368EPSS
Exploits3References2Affected Software1
redhatcve
redhatcve
added 2018/06/28 9:49 a.m.20 views

CVE-2018-1000601

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.5CVSS5.1AI score0.01013EPSS
Exploits0References2
nvd
nvd
added 2018/06/26 5:29 p.m.17 views

CVE-2018-1000601

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.5CVSS6.3AI score0.01013EPSS
Exploits0References1
cvelist
cvelist
added 2018/06/26 5:0 p.m.18 views

CVE-2018-1000601

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.3AI score0.01013EPSS
Exploits0References1
veracode
veracode
added 2018/05/09 3:16 a.m.5 views

Malicious Package

ssh-decorator is a malicious package. The package contains a backdoor to steal a user's ssh credentials...

6.7AI score
Exploits0
cnvd
cnvd
added 2017/10/04 12:0 a.m.5 views

Flying Fishstar VE602W+ Router Has Information Disclosure Vulnerability

Flyingfish Star VE602W+ is a newly developed Internet Behavior Management Router from Chengdu Flyingfish Star Technology Development Co. There is an information leakage vulnerability in FMS VE602W+ router. The vulnerability is caused by the leakage of the administrator password hash of FMS VE602W...

7.6AI score
Exploits0
nvd
nvd
added 2015/08/23 9:59 p.m.22 views

CVE-2015-2907

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...

9CVSS6.7AI score0.02563EPSS
Exploits0References2
cvelist
cvelist
added 2015/08/23 9:0 p.m.26 views

CVE-2015-2907

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...

6.7AI score0.02563EPSS
Exploits0References2
openvas
openvas
added 2015/01/05 12:0 a.m.10 views

Fedora Update for jenkins-ssh-credentials-plugin FEDORA-2014-15776

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
fedora
fedora
added 2014/12/06 10:55 a.m.14 views

[SECURITY] Fedora 21 Update: jenkins-ssh-credentials-plugin-1.10-3.fc21

This package provides Jenkins SSH credentials plugin...

3.2AI score
Exploits0
thn
thn
added 2013/03/21 5:29 p.m.13 views

South Korea Cyber Attack, Wiper malware and Chinese IP Address

Yesterday we reported about a massive Cyber attack on South Korea that was responsible for shutting down networks of South Korean banks and TV broadcasters. Police are still investigating the cyber attack but the country's Communications Commission has revealed that the hacking originated from a...

7AI score
Exploits0
openvas
openvas
added 2012/10/24 12:0 a.m.10 views

SSH Authorization

This script allows users to enter the information required to authorize and login via ssh protocol. These data will be used by other tests to executed authenticated checks. OpenVAS $Id: sshauthorizationinit.nasl 6063 2017-05-03 09:03:05Z teissa $ Description: This script allows to set SSH...

0.5AI score
Exploits0
cve
cve
added 2010/05/07 5:43 p.m.45 views

CVE-2009-4845

The CVE-2009-4845 entry concerns ToutVirtual VirtualIQ Pro 3.2 build 7882, where the configuration page stores SSH credentials in cleartext. The root cause is exposure of usernames and passwords via the configuration UI, enabling remote attackers to obtain sensitive information without exploiting...

5CVSS6.5AI score0.01205EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2010/05/07 5:43 p.m.17 views

CVE-2009-4845

The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields...

6.4AI score0.01205EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2003/02/19 5:0 a.m.22 views

CVE-2003-0048

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials...

4.6CVSS5.9AI score0.00381EPSS
Exploits0References1
nvd
nvd
added 2003/02/19 5:0 a.m.13 views

CVE-2003-0048

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials...

4.6CVSS6.5AI score0.00381EPSS
Exploits0References4
osv
osv
added 2003/02/19 5:0 a.m.6 views

CVE-2003-0048

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials...

6.7AI score
Exploits0References5
debiancve
debiancve
added 2003/02/01 5:0 a.m.26 views

CVE-2003-0048

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials...

4.6CVSS6.3AI score0.00381EPSS
Exploits0
Rows per page
Query Builder