HP SAN/iQ Virtual SAN Appliance Multiple Parameters Command Execution Vulnerabilities

HP SAN/iQ Virtual SAN Appliance is prone to multiple command execution vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Sinapsi Devices Vulnerabilities

Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...

Korenix Jetport 5600 Series Hard-coded Credentials

Overview This advisory provides mitigation details for a vulnerability that impacts the Korenix JetPort 5600. Independent researcher Reid Wightman of Digital Bond identified undocumented hard-coded root credentials in the firmware of the Korenix JetPort 5600 system application without coordinatio...

Siemens Simatic S7-300 PLC Remote Memory Viewer

Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class Metasploit3 'Siemens Simatic S7-300 PLC Remote Memory Viewer',...

Siemens Simatic S7-300 - PLC Remote Memory Viewer (Metasploit)

Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class Metasploit3 'Siemens Simatic S7-300 PLC Remote Memory Viewer',...

Siemens Simatic S7-300 - PLC Remote Memory Viewer (Metasploit)

Siemens Simatic S7-300 - PLC Remote Memory Viewer Metasploit Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class...

ORing Industrial Networking IDS-5042/5042+ Hard-Coded Credential Vulnerability

Overview Independent researcher Reid Wightman of Digital BondKorenix and ORing Use Crypto, http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity/, Web site last accessed September 19, 2012. identified hard-coded credentials in the operating system of the ORing Industrial DIN-Rail...

HP SAN/iQ < 9.5 Root Shell Command Injection

The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

ZTE(ZTE)the phone there the back door, get a Root Shell-vulnerability warning-the black bar safety net

It's appearing that a root virus has appeared in ZTE phones, allowing full root to devices. It simply provides a root shell using a hard-coded password. This is serious news for any hackers, as this command can cause major damage to phones. Here is the information, should you wish to have a go: T...

Backdoor In Equipment Used For Traffic Control, Railways Called "Huge Risk"

UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical...

RuggedCom Rugged Operating System Vulnerability

RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password. This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative...

RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable password

Overview RuggedCom Rugged Operating System ROS contains a hard-coded user account with a predictable password. Description RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account named "factory" that cannot be disabled. The...

WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (Telnet)

WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...

WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (HTTP)

WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...