Fonality contains a hard-coded password and embedded SSL private key

Overview Fonality previously trixbox Pro version 12.6 and later uses a hard-coded password, and the accompanying HUDweb plugin embeds a private SSL key. Description CWE-259: Use of Hard-coded Password - CVE-2016-2362According to the reporter, FTP is used to sync phone configurations for users, by...

Lorex ECO DVR Backdoor Account

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 1. ADVISORY INFORMATION ======================= Product: Lorex ECO DVR Vendor URL: https://www.lorextechnology.com/ Type: Hard coded password CWE-259 Date found: 2016-05-04 Date published: 2016-05-30 CVE: - 2. CREDITS ========== This vulnerability w...

MEDHOST Perioperative Information Management System Unauthorized Operation Vulnerability

MEDHOST Perioperative Information Management System PIMS is a suite of solutions covering surgical treatment, nursing care and other services from MEDHOST, Inc. that includes an anesthesia information management system AIMS, remote host control and streamlined patient tracking. A security...

MEDHOST Perioperative Information Management System contains hard-coded database credentials

Overview MEDHOST Perioperative Information Management System PIMS versions prior to 2015R1 contain hard-coded credentials that are used for customer database access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-4328MEDHOST PIMS, previously branded as VPIMS, contains hard-coded...

Lantronix xPrintServer Privilege Gain Vulnerability

Lantronix xPrintServer is a print server from Lantronix Network Technologies USA. A security vulnerability exists in the Lantronix xPrintServer using firmware versions prior to 5.0.1-65 that stems from the program's use of hard-coded certificates. A remote attacker could exploit the vulnerability...

Lantronix xPrintServer contains multiple vulnerabilities

Overview The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' - CVE-2014-9002An unauthenticated attacker can include a shell command inside the 'c'...

Pornhub: Weak user aunthentication on mobile application - I just broken userKey secret password

The researcher discovered a hard coded authentication bypass on the mobile app...

HP Data Protector Hard-coded Cryptographic Key (HPSBGN03580)

The HP Data Protector application running on the remote host contains an embedded SSL private key that is shared across all installations. An attacker can exploit this to perform man-in-the-middle attacks against the host or have other potential impacts. %NASLMINLEVEL 70300 C Tenable Network...

Merit Lilin IP Cameras - Multiple Vulnerabilities

/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com securityadivisory @orwelllabs ;r By sitting in the alcove, and keeping well back, Winston was able to remain outside the range of the telescreen... Adivisory Information...

Merit Lilin IP Cameras - Multiple Vulnerabilities

Exploit for cgi platform in category web applications Adivisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: Merit Lilin IP Cameras Multiple Vulnerabilities + Vendor: Merit Lilin Enterprise Co., Ltd. + Research and Advisory: Orwelllabs + Adivisory URL:...

Merit Lilin IP Cameras - Multiple Vulnerabilities

Merit Lilin IP Cameras - Multiple Vulnerabilities / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com securityadivisory @orwelllabs ;r By sitting in the alcove, and keeping well back, Winston was able to remain outside the...

Systech SysLINK M2M Modular Gateway Privilege Gain Vulnerability

The Systech SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway is a router product from Systech, Inc. that provides DHCP, NAT, VPN, and firewall features. A privilege-acquisition vulnerability exists in the web interface of the Systech SysLINK SL-1000 M2M Modular Gateway using firmware prior ...

SysLINK M2M Modular Gateway contains multiple vulnerabilities

Overview The SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway contains multiple vulnerabilities. Description According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:CWE-259: Use of Hard-coded Password - CVE-2016-2331 By default, the device's we...

TH692 Outdoor P2P HD Waterproof IP Camera - Hard Coded Credentials

Exploit for hardware platform in category dos / poc Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage:...

TH692 Outdoor P2P HD Waterproof IP Camera Hard-Coded Credentials

Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html...

TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials

TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage:...

TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials

Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Adivisory Information ===================== Vendor: Brickcom Corporation CVE-Number:N/A Adivisory-URL: http://www.orwelllabs.com/2016/04/Brickcom-Multiple-Vulnerabilities.html OLSA-ID: OLSA-2015-12-12 Impact: High especially because some ...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...