8046 matches found

CNVD
added 2016/08/16 12:0 a.m. | 1 views

ZModo ZP-NE14-S DVR and ZP-IBH-13W Recorder Security Bypass Vulnerability

The ZModo ZP-NE14-S DVR and the ZModo ZP-IBH-13W are both digital video recorders from ZModo China. A security bypass vulnerability exists in the ZModo ZP-NE14-S DVR and ZP-IBH-13W video recorders, which stems from the program's use of hard-coded certificates. A remote attacker could exploit the...

CVSS 10 | AI score 7.2 | EPSS 0.01588
Exploits: 0 | References: 1

Tenable Nessus
added 2016/08/12 12:0 a.m. | 34 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)

This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

CVSS 9.6 | AI score 6.8 | EPSS 0.07521
Exploits: 0 | References: 23

CERT
added 2016/08/12 12:0 a.m. | 73 views

Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials

Overview The Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-5081 According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for...

CVSS 10 | AI score 8.4 | EPSS 0.01588
Exploits: 0 | References: 2

OPENSUSE Linux
added 2016/08/11 11:8 p.m. | 74 views

Security update for java-1_7_0-openjdk (important)

This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...

CVSS 9.3 | EPSS 0.07521
Exploits: 0 | References: 12

Talos
added 2016/08/11 12:0 a.m. | 220 views

AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0184 AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability August 11, 2016 CVE Number CVE-2016-5645 Description An exploitable Use of Hard-coded Credentials Undocumented Community String vulnerability exists in the SNMP functionality of...

CVSS 7.5 | AI score 7.4 | EPSS 0.24694
Exploits: 1

Tenable Nessus
added 2016/08/08 12:0 a.m. | 43 views

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)

This update for java-1_8_0-openjdk fixes the following issues : - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25 : - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking boo989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only boo989734 -...

CVSS 9.6 | AI score 6.8 | EPSS 0.07521
Exploits: 0 | References: 28

CNVD
added 2016/08/03 12:0 a.m. | 2 views

Crestron Electronics DM-TXRX-100-STR Hardcoded Password Vulnerability

The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. The Crestron Electronics DM-TXRX-100-STR 1.3039.00040 has a hard-coded password for the admin account. This could allow a remote attacker to gain access through the web management interface...

CVSS 10 | AI score 7.3 | EPSS 0.02354
Exploits: 0 | References: 1

CNVD
added 2016/08/03 12:0 a.m. | 1 views

Crestron Electronics DM-TXRX-100-STR Man-in-the-Middle Attack Vulnerability

The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. The Crestron Electronics DM-TXRX-100-STR 1.3039.00040 uses a hard-coded X.509 certificate from the OpenSSL Test Certification Authority. This allows a man-in-the-middle attacker to spoof a server and obtain sensitive...

CVSS 9.8 | AI score 6.6 | EPSS 0.00135
Exploits: 0 | References: 1

CERT
added 2016/08/01 12:0 a.m. | 44 views

Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities

Overview Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and...

CVSS 10 | AI score 10 | EPSS 0.03438
Exploits: 0 | References: 8

exploitpack
added 2016/07/26 12:0 a.m. | 28 views

Iris ID IrisAccess iCAM4000/iCAM7000 - Hard-Coded Credentials Remote Shell Access

Iris ID IrisAccess iCAM4000iCAM7000 - Hard-Coded Credentials Remote Shell Access Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/irisaccesssystem/irisaccess4000/...

AI score 7.5
Exploits: 0

ICS
added 2016/07/22 6:0 a.m. | 44 views

Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability

OVERVIEW Independent researcher He Congwen has identified a hard-coded password vulnerability in Schneider Electric’s PowerLogic PM8ECC device. Schneider Electric has produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...

CVSS 9.8 | AI score 9.6 | EPSS 0.00378
Exploits: 0 | References: 10

n0where
added 2016/07/21 8:42 p.m. | 15 views

Deepmagic Information Gathering Tool: DMitry

Deepmagic Information Gathering Tool DMitry Deepmagic Information Gathering Tool is a UNIX/GNU Linux Command Line program coded purely in C with the ability to gather as much information as possible about a host. DMitry has a base functionality with the ability to add new functions, the basic...

AI score 6.8
Exploits: 0

CNVD
added 2016/07/18 12:0 a.m. | 4 views

Unspecified Vulnerability in Schneider Electric Pelco Digital Sentry Video Management System

Schneider Electric Pelco Digital Sentry Video Management System is a video recording system from Schneider Electric France. A security vulnerability exists in the Schneider Electric Pelco Digital Sentry Video Management System using firmware prior to version 7.13, which stems from the program's u...

CVSS 10 | AI score 7.7 | EPSS 0.02714
Exploits: 0 | References: 1

exploitpack
added 2016/07/13 12:0 a.m. | 11 views

GSX Analyzer 10.12/11 - main.swf Hard-Coded Superadmin Credentials

GSX Analyzer 10.1211 - main.swf Hard-Coded Superadmin Credentials Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor...

AI score 7.4
Exploits: 0

Exploit DB
added 2016/07/13 12:0 a.m. | 17 views

GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials

Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor Homepage: http://www.gsx.com/products/gsx-analyzer Software Link:...

AI score 7.4
Exploits: 0

CNVD
added 2016/06/24 12:0 a.m. | 0 views

Trane ComfortLink II Privilege Access Vulnerability

Trane ComfortLink II is a set of connection control components for use in home intelligence systems from Trane UK. A privilege-acquisition vulnerability exists in the Trane ComfortLink II using firmware version 2.0.2, which originates from the program's installation of user credentials with a...

CVSS 10 | AI score 7.2 | EPSS 0.02884
Exploits: 1 | References: 1

CERT
added 2016/06/10 12:0 a.m. | 44 views

Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass

Overview The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Description CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288 The firmware for these devices contains a hard-coded RSA private key,...

CVSS 7.5 | AI score 7.3 | EPSS 0.00795
Exploits: 0 | References: 2

CNVD
added 2016/06/08 12:0 a.m. | 2 views

IBM Security Guardium Database Activity Monitor Information Disclosure Vulnerability

IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A security vulnerability exists in IBM Security Guardium Database...

CVSS 8.2 | AI score 6.9 | EPSS 0.00031
Exploits: 0 | References: 1

CNVD
added 2016/06/05 12:0 a.m. | 2 views

Fonality FTP Hardcoding Vulnerability

Fonality is an open source telephone switch solution with integrated VoIP and CRM features. Fonality FTP uses hard-coded usernames and passwords, a security vulnerability that allows remote attackers to log in as 'nobody' and obtain a shell...

CVSS 10 | AI score 7 | EPSS 0.00491
Exploits: 0 | References: 1

CNVD
added 2016/06/03 12:0 a.m. | 2 views

Configuration option control vulnerability in various GE products

GE ML800 and others are Ethernet switch products from General Electric (GE). Various GE products use hard-coded certificates, allowing a remote attacker to exploit the vulnerability to gain administrator privileges for device configuration and control all available configuration options through a w...

CVSS 10 | AI score 7.1 | EPSS 0.00294
Exploits: 0 | References: 1