8033 matches found
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...
CVE-2010-4965
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...
IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials
!/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials hard-coded in lcfd.exe 2 Stack-based...
Textpattern 4.3.0 Cross Site Request Forgery
Exploit Title: Textpattern 4.3.0 CMS XSRF Vulnerability Change Admin's Password + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Demo Link : http://www.cmsagora.com/demo.php?id=94&type=2 + Demo...
PEEL Open e-commerce systems Sensitive Database Disclosure Vulnerability
Exploit for php platform in category web applications +Exploit Title: PEEL Open e-commerce systems Sensitive Database Disclosure Vulnerability +Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + dork : inurl:"lire/index.php?rubid=" + Category : Web Apps SQli...
Win64 bit/xp Calculator Shellcode
+Exploit Title: Win64 bit/xp Calculator Shellcode +Author : ^Xecuti0N3r +Tested On : WIN64-XP include include include int main char shellc = "\xeb\x16\x5b\x50\x88\x43\x09\x53\xbb\x0d\x25\x86\x7c\xff\xd3\x31\xc0\xbb\x12\xcb\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff" "\x63\x61\x6c\x63\x2e" "\x65\x78\x65"...
Real Player 14.0.2.633 Denial Of Service
!/usr/bin/perl +Exploit Title: Real player 14.0.2.633 Buffer overflow/DOS Exploit +Software Link: www.soft32.com/download122615.html +Software: Real player +Version: 14.0.2.633 +Tested On: WIN-XP SP3 + Date : 31.03.2011 + Hour : 13:37 PM Similar Bug was found by cr4wl3r in MediaPlayer Classic...
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
Matta Consulting - Matta Advisory http://www.trustmatta.com Cisco Unified Videoconferencing multiple vulnerabilities Advisory ID: MATTA-2010-001 CVE reference: CVE-2010-3037 CVE-2010-3038 Affected platforms: Cisco Unified Videoconferencing 3515,3522,3527,5230,3545, 5110,5115 Systems and unspecifi...
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml Revision 1.0 For Public Release 2010 November 17 1600 UTC GMT...
DBSite - SQL Injection
DBSite - SQL Injection !/usr/bin/env python -- coding: utf-8 -- -------------------------------------------------------- Exploit Title: DBSite Remote SQL Injection Vulnerability Date: 13/10/2010 Author: GodOfPain Version: 1.0 Tested on: Linux ------------------------------------------------------...
SCADA Vendors Still Need Security Wake Up Call
Companies that make supervisory control and data acquisition (SCADA) and industrial control software are still dangerously lax when it comes to application security and vulnerable to attack, according to a researcher from security firm Tenable Inc. who warned that the use of coded administrative...
VulnCheck KEV: CVE-2010-2772
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568...
CVE-2010-2772
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568...
CVE-2010-2772
CVE-2010-2772 affects Siemens SIMATIC WinCC and SIMATIC PCS 7: a security bypass via default hard-coded SQL credentials allows remote attackers to access the backend database with administrative-like access. The vulnerability is tied to use of default credentials in the WinCC SQL server, permitti...
Hardcoded credentials
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568...
CVE-2010-2772
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Recent assessments: Assessed Attacker...
PT-2010-4286
Name of the Vulnerable Software and Affected Versions Siemens Simatic WinCC and PCS 7 SCADA system affected versions not specified Description The issue concerns a hard-coded password in the system, allowing local users to access a back-end database and gain privileges. This has been demonstrated...
CVE-2010-2073
authdbconfig.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server...