8045 matches found
Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness
The remote host is using the Jenkins HP Application Automation tools plugin. Nessus was able to remotely access one or more unprotected files in the Jenkins build system and decrypt the HP Application Lifecycle Management password. These passwords are currently encrypted with a known, hard-coded...
OpenCart 1.5.6.1 SQL Injection
Exploit Title : OpenCart log'getEbayItemId - Product ID: '.$productid; $qry = $this-db-query"SELECT ebayitemid FROM " . DBPREFIX . "ebaylisting WHERE productid = '".$productid."' AND status = '1' LIMIT 1"; .............. Function is called on many locations and parameter is passed without sanitize...
GNUPanel 0.3.5_R4 - Multiple Vulnerabilities
GNUPanel 0.3.5R4 - Multiple Vulnerabilities Exploit Title :GNUpanel 0.3.5R4 - Multiple Vulnerabilities Vendor Homepage :http://wp.geeklab.com.ar/gl-en/gnupanel/ GNUPanel Version :0.3.5R4 Server :Centos 6.4 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com...
GNUpanel 0.3.5_R4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title :GNUpanel 0.3.5R4 - Multiple Vulnerabilities Vendor Homepage :http://wp.geeklab.com.ar/gl-en/gnupanel/ GNUPanel Version :0.3.5R4 Server :Centos 6.4 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/11/2014 CVE :N/A...
ZTE ZXV10 W300 Wireless Router Hard-coded Password
Nessus was able to login to the remote device using a known hard-coded password prepended with a portion of the device's MAC address obtained from an SNMP request for the admin account. Attackers can exploit this vulnerability to gain full control of the device. TRUSTED...
NETGEAR Hard-coded Telnet Unlock Credentials
The remote NETGEAR device has a hard-coded set of credentials that can be sent in a specially encoded packet in order to unlock the telnet service and allow remote logins as the root user. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(72831); script_version("1.6");...
Synology DiskStation Manager VPN module hard-coded password vulnerability
Overview Synology DiskStation Manager VPN module contains a hard-coded password which cannot be changed. Description Synology DiskStation Manager 4.3-3810 update 1 and possibly earlier versions contain a VPN server module which contains a hard-coded password which cannot be changed. According to...
MOXA EDR-G903 Series Multiple Vulnerabilities
OVERVIEW This advisory provides mitigation details for vulnerabilities that impact Moxa EDR-G903 Series Routers. Independent researcher Neil Smith identified a hard-coded user account vulnerability and an insufficient entropy vulnerability in Moxa’s EDR-G903 series routers. By impersonating the...
360 Systems Image Server 2000 Series Remote Root Access
Overview This updated advisory is a follow-up to the original advisory titled ICSA-13-038-01—360 Systems Image Server 2000 Series Remote Root Access that was published March 06, 2013, on the ICS-CERT Web site. This advisory provides mitigation details for a vulnerability that impacts the 360...
Stem Innovation - IZON Hard-Coded Credentials
Stem Innovation - IZON Hard-Coded Credentials Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within it...
Stem Innovation - 'IZON' Hard-Coded Credentials
Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web...
Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability
A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a...
Two Instagram Android App Security Vulnerabilities
Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...
PT-2013-91: Hard-Coded Access Credentials in Emerson DeltaV
The specialists of the Positive Research center have detected a Hard-Coded Access Credentials vulnerability in Emerson DeltaV. An attacker can connect to the application using Telnet and run commands or change settings. How to fix Update your software up to the latest version Advisory status...
Cisco Unified Computing System FTP User Vulnerability
A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...
[Binrev] Automate Reversing Windows Binaries for Pentesters
What you can do with this? Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities. Import decompiled projects to an IDE to reconstruct and modify the original source...
Sitecom N300N600 Devices - Multiple Vulnerabilities
Sitecom N300N600 Devices - Multiple Vulnerabilities Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013...
Sitecom Devices Hard-Coded Credentials (Telnet)
The remote Sitecom Device is using known hard-coded credentials. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Sitecom N300/N600 Devices - Multiple Vulnerabilities
Multiple vulnerabilities on Sitecom N300/N600 devices Sitecom N300/N600 Devices - Multiple Vulnerabilities AFFECTED PRODUCTS We confirm the presence of the security vulnerability on the following products/firmware versions: Sitecom WLM-3500 v2 001, firmware 1.07 Sitecom WLM-5500 v1 001, firmware...
Sitecom N300/N600 Devices - Multiple Vulnerabilities
Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits: Roberto Paleari,...