[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-024: Hard-coded Username in SAP FI Manager Self-Service This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...

CVE-2014-5176

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

Hardcoded credentials

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5176

CVE-2014-5176 concerns SAP FI Manager Self-Service, where a hard-coded user name creates a potential backdoor that could allow remote attackers to gain access via unspecified vectors. The underlying issue is the presence of a fixed credential within the affected component, which reduces defense-i...

CVE-2014-5176

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

NETGEAR GS105PE Pro Safe Switch Hard-coded Credentials

The NETGEAR GS105PE Pro Safe Switch has a set of hard-coded credentials 'ntguser / debugpassword' that give access to several CGI control scripts and could allow a remote attacker to : - Modify the serial number and MAC address of the product. produceburn.cgi - Manually set memory to a certain...

Hewlett-Packard Universal CMDB Default Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of Hewlett-Packard Universal CMDB. The...

CVE-2014-3489

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

CVE-2014-3489

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

CVE-2014-3489

CVE-2014-3489 affects Red Hat CloudForms 3.0 Management Engine (CFME); lib/util/miq-password.rb uses a hard-coded salt, enabling easier brute-force guessing of stored passwords by remote attackers. Documented impact: password guessing via brute force; exposure depends on access to stored credenti...

PT-2014-5355 · Red Hat · Red Hat Cloudforms

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.2.4.2 Description: The issue concerns the use of a hard-coded salt in a password management component, which could facilitate brute force attacks by remote attackers, making it easier to guess passwords...

Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials

Overview Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. CWE-798 Description Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruse...

Stem Innovation ‘IZON’ Hard-coded Credentials

No description provided by source. Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux...

Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...

XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8296/info XBlast is contains a locally exploitable buffer overflow vulnerability due to insufficient bounds checking of data supplied via the HOME environment variable. Successful exploitation would allow a local user to...

OpenCart <= 1.5.6.1 - (openbay) Multiple SQL Injection

No description provided by source. Exploit Title : OpenCart = 1.5.6.1 SQL Injection Date : 2014/3/26 Exploit Author : Saadat Ullah ? [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com...

Nvidia NView 3.5 Keystone.EXE Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21260/info NVIDIA nView is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. / NVIDIA nView keystone local Denial Of...

marbles 1.0.1 - Local Home Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8710/info A problem in the handling of data in the Home environment variable has been reported in the marbles program. This may make it possible for a local attacker to gain elevated privileges. / c-marbles.c PoC exploit...

Mediacoder 0.7.5.4710 "Universal" SEH Buffer Overflow Exploit

No description provided by source. !/usr/bin/env python Mediacoder 0.7.5.4710 Universal SEH Buffer Overflow Exploit Coded By: DrIDE Found By: abhishek lyall Usage: Load the evil .m3u file and click on it. Download: http://www.exploit-db.com/application/14612 Tested On: Windows XPSP3 windows/exec ...

BigPond 3G21WB Multiple Vulnerabilities

No description provided by source. Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB ============================================================================== ADVISORY INFORMATION Title: Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21...