Zend Framework / zend-mail < 2.4.11 - Remote Code Execution

09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'; // encoded phpinfo...

SAP Download Manager Information Disclosure Vulnerability

SAP Download Manager is the German SAP SAP company developed a set of Java applications for downloading software packages and support comments. A security vulnerability exists in SAP Download Manager version 2.1.142 and prior versions, which arises from the program's use of a hard-coded encryptio...

PT-2016-2997 · Siemens · Sicam Pas

Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.00 Description: The issue is related to a factory account with hard-coded passwords in SICAM PAS installations. This could allow attackers to gain privileged access to the database over Port 2638/TCP. The...

Advantech SUSIAccess Server Local Elevation of Privilege Vulnerability

SUSIAccess is an easy-to-use remote device management software solution. A local elevation of privilege vulnerability exists in Advantech SUSIAccess Server. Since the admin password is stored on the system and encrypted using a hard-coded static key in the program. An attacker can exploit the...

IBM BigFix Remote Controll Local Information Disclosure Vulnerability

IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. A security vulnerability exists in IBM BigFix Remote Control 9.1.2 and earlier versions. A local attacker could exploit the vulnerability to discover hard-coded credentials...

SIEMENS SICAM PAS Arbitrary File Access Vulnerability

SICAM PAS is an energy automation solution for the operation of substation equipment. It has open communication interfaces for power system control and control of industrial power supply equipment. An arbitrary file access vulnerability exists in SIEMENS SICAM PAS. Due to the use of hard-coded...

Siemens SICAM PAS Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...

Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials

================================================================= Crestron AM-100 Multiple Vulnerabilities ================================================================= Date: 2016-08-01 Exploit Author: Zach Lanier Vendor Homepage: https://www.crestron.com/products/model/am-100 Version:...

AMX Multiple Products Credential Management Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-049-02 AMX Multiple Products Credential Management Vulnerabilities that was published February 18, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- ICS-CERT has become aware of...

Lynxspring JENEsys BAS Bridge Authentication Bypass Vulnerability

Lynxspring is a US based company.BAS Bridge is a web based SCADA system.BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. An authentication bypass vulnerability exists in Lynxspring JENEsys BAS Bridge. Due to the la...

Fortinet FortiWLC Hard-Coded Security Bypass Vulnerability

Fortinet FortiWLC is a wireless controller from Fortinet. A security bypass vulnerability exists in the hardcoding of the Fortinet FortiWLC, which could be exploited by an attacker to gain access to the system and obtain sensitive information...

Django Hardcoded Password Security Bypass Vulnerability

Django is a set of Django Software Foundation based on the Python language open source Web application framework. The framework includes object-oriented mapper , view system , template system and so on. Django has a hard-coded password security bypass vulnerability that can be exploited by an...

Westermo Industrial Switch Hard-coded Certificate Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-028-01 Westermo Industrial Switch Hard-Coded Certificate Vulnerability that was published January 28, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Neil Smith has identified a hard-coded certifica...

InfraPower PPS-02-S Q213V1 Hard-Coded Credentials Remote Root

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a FREE built-i...

InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials Vulnerability

Exploit for hardware platform in category remote exploits InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials

InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03...

InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a FREE built-i...

Huawei OceanStor 5600 Product Hardcoded SSH Key Vulnerability

Huawei OceanStor 5600 is a storage product from Huawei China. The Huawei OceanStor 5600 product suffers from a hard-coded SSH key vulnerability. The SSH protocol is used for encrypted communication between the nodes of the device, and since the SSH public and private keys are stored in hard-coded...

Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials Vulnerability

Exploit for linux platform in category local exploits Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date: 2016.10.05 Publication URL:...