Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Brickcom Corporation Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...

Pro-face GP-Pro EX Security Bypass Vulnerability

Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software. The Pro-face GP-Pro EX's FTP server uses hard-coded credentials, allowing remote attackers to exploit the vulnerability to access items in the device and obtain sensitive information...

Pro-face GP-Pro EX Authentication Bypass Vulnerability

Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from American Pro-face. The Pro-face GP-Pro EX has a security vulnerability due to the use of hard-coded certificates by the FTP server. A remote attacker could exploit the vulnerability to access items in the device...

Patterson Dental Eaglesoft Information Disclosure Vulnerability

Patterson Dental Eaglesoft is a suite of dental records software from Patterson Dental Supply Patterson Dental in the United States. An information disclosure vulnerability exists in Patterson Dental Eaglesoft that arises from the program using the same hard-coded credentials across different use...

Patterson Dental Eaglesoft uses a hard-coded database password across installations

Overview Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials- CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...

Cisco Prime LAN Management Solution Hardcoding Vulnerability

Cisco Prime LAN Management Solution is a LAN-based network management solution from Cisco. A hard-coded vulnerability exists in Cisco Prime LAN Management Solution, which allows a local attacker to decrypt data in the LMS database using a hard-coded key to compromise an affected device...

GE MultiLink Series Hard-coded Credential Vulnerability

OVERVIEW GE has identified a hard-coded credential vulnerability in GE’s MultiLink series managed switches. GE has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following MultiLink products are affected: GE ML8...

Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net

Recently, the BLUE BOX company's security researchers found: RSA 2 0 1 6 The General Assembly on the use of badge scanning APP there is a hard-coded default passwords. This year, RSA 2 0 1 6 The participants will get a unique surprise: the General Assembly, as many manufacturers offer a Samsung...

Netis/Netcore Router Hard-Coded Backdoor

A backdoor in Netis/Netcore routers has been reported. The routers are protected by a single hard-coded password. The exploitation of this backdoor could compromise the network protected by the device...

Sixnet BT Series Hard-coded Credentials Vulnerability

OVERVIEW Independent researcher Neil Smith has identified a hard-coded credential vulnerability in Sixnet’s BT series routers. Sixnet has produced patches and new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. Exploits that target this vulnerability are...

QNAP Systems iArtist Lite Hardcoding Vulnerability

QNAP Systems iArtist Lite is a suite of ad editing software for QNAP NAS. QNAP Systems iArtist Lite uses hard-coded FTP accounts and passwords, allowing remote attackers to sniff the network for FTP transfer data...

QNAP Signage Station and iArtist Lite contain multiple vulnerabilities

Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022An authenticated attacker without administrative permissions may upload a...

D-Link DVG-N5402SP Privilege Acquisition Vulnerability

The D-Link DVG-N5402SP is a wireless router product from AUO D-Link for voice, fax and shared wireless Internet over IP networks. A security vulnerability exists in the D-Link DVG-N5402SP that stems from the program's use of hard-coded certificates. An attacker could exploit the vulnerability to...

AMX Multiple Products Credential Management Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-049-02 AMX Multiple Products Credential Management Vulnerabilities that was published February 18, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- ICS-CERT has become aware of...

Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials

Overview Digital Video Recorders DVRs, security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Description CWE-259: Use of Hard-coded Password- CVE-2015-8286 According to the reporter, DVR devices bas...

Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password

Overview Swann network video recorder NVR devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Description CWE-259: Use of Hard-coded Password - CVE-2015-8286 According to the researcher, the Swann SRNVW-470LCD and Swann...

MGASA-2016-0053 Updated socat packages fix security vulnerability

In socat before 2.0.0-b9, in the OpenSSL address implementation, the hard coded 1024 bit DH p parameter was not prime. It may be possible for an eavesdropper to recover the shared secret from a key exchange CVE-2016-2217. In socat before 2.0.0-b9, a stack overflow vulnerability was found that can...

OpenELEC and RasPlex have a hard-coded SSH root password

Overview OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default. Description CWE-259: Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password on...

libEBML Information Disclosure Vulnerability (CNVD-2016-00840)

libEBML is a C++ library for parsing EBML files maintained by the Matroska team. A security vulnerability in the 'EbmlElement::ReadCodedSizeValue' function of libEBML allows an attacker to obtain sensitive information in the process heap memory using a specially crafted length value in a speciall...

Westermo Industrial switches hard-coded certificate vulnerability

Westermo Industrial Switches is an industrial Ethernet switch product from Westermo, Sweden. A security vulnerability exists in Westermo Industrial switches that allows remote attackers to conduct man-in-the-middle attacks and gain unauthorized access to the device...