997 matches found
Cisco Stealthwatch Management Console Authentication Bypass Vulnerability
A vulnerability in the Stealthwatch Management Console SMC of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system...
Oracle Linux 7 : setup (ELSA-2018-3249)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3249 advisory. 2.8.71-10 - fix crudp name in /etc/protocols 1566469 - do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells 1571104 Tenable has extracted the precedin...
[SECURITY] Fedora 28 Update: systemd-238-10.git438ac26.fc28
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
[SECURITY] Fedora 29 Update: systemd-239-6.git9f3aed1.fc29
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
Low: Red Hat Security Advisory: setup security and bug fix update
An update for setup is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Hikvision IP Camera Default Credentials (HTTP)
The remote Hikvision IP camera device is using known default credentials. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...
HangZhou XiongMai Technologies Net Surveillance Default Credentials (HTTP)
The remote installation of HangZhou XiongMai Technologies Net Surveillance is using known default credentials for the HTTP login. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Default credentials
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU...
CVE-2018-10605
Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU...
CVE-2018-10605
CVE-2018-10605 affects Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4. The vulnerability stems from Incorrect Default Permissions (CWE-276): an attacker can connect to the RTU using default credentials to modify/upload a new system configuration or take full control of the RTU, due to m...
GeoVision IP Camera Default Credentials (HTTP)
The remote installation of GeoVision IP Camera is using known default credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Digital Watchdog Spectrum Default Credentials (HTTP)
The remote installation of Digital Watchdog Spectrum is using known default credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Canon Network Camera Default Credentials (HTTP)
The remote Canon Network Camera is using known default credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Axis Devices Default Credentials (HTTP)
The remote Axis device is using known default credentials for the HTTP login. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
VideoIQ Camera Default Credentials (HTTP)
The remote VideoIQ Camera is using known default credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Elastic Elasticsearch Public WAN (Internet) / Public LAN Accessible
The script checks if the target host is running an Elastic Elasticsearch service accessible from a public WAN Internet / public LAN. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2018-13013
Improper check of unusual conditions when launching msiexec.exe in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection...
CVE-2018-13013
The CVE-2018-13013 entry affects SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to 4.4.9. Root cause: improper check of unusual conditions when launching msiexec.exe via the SysWatch service, allowing a local attacker to...
Search and Dump System Configuration: otseca
The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...
Otseca - Security Auditing Tool To Search And Dump System Configuration
Otseca is a open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats. For more information, see wiki. How To Use It's simple: Clone this repository git clone https://github.com/trimstray/otseca Go into the repository...