CVE-2005-0349

The CVE-2005-0349 entry covers BrightStor ARCserve Backup 11.1 UniversalAgent for UNIX, where the production release contains hard-coded credentials that enable remote access to the file system and may allow execution of arbitrary commands. Connected details specify a default/admin-like account w...

CVE-2005-0349

The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands...

[Full-Disclosure] iDEFENSE Security Advisory 02.10.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Backdoor Vulnerability

Computer Associates BrightStor ARCserve Backup UniversalAgent Backdoor Vulnerability iDEFENSE Security Advisory 02.10.05 www.idefense.com/application/poi/display?id=198&type=vulnerabilities February 10, 2005 I. BACKGROUND BrightStor ARCserve Backup r11.1 delivers leading backup and restore...

ngIRCd 0.8.1 - Remote Denial of Service (2)

/ Ip under usage is actually port /str0ke / / -=x0n3-h4ck=--=00:48:19=--=/root=--=Account: root=- -= ./ngircddos x0n3-h4ck.org 12345 Angel DarkChan -= NGircd Attack Success! Lets party! The Irc Server is Killed !! Exploit: NGircd NOTE: The channel must be EMPTY to let the exploit use +I mode...

ngIRCd <= 0.8.1 Remote Denial of Service Exploit (2)

No description provided by source. / Ip under usage is actually port /str0ke / / -=x0n3-h4ck=--=00:48:19=--=/root=--=Account: root=- -= ./ngircddos x0n3-h4ck.org 12345 Angel DarkChan -= NGircd = 0.8.1 Remote DoS ::: Coded by Expanders =- Connecting to target ...Done Building evil buffer ...Done...

ngIRCd <= 0.8.1 Remote Denial of Service Exploit (2)

Exploit for linux platform in category dos / poc ==================================================== ngIRCd Attack Success! Lets party! The Irc Server is Killed !! Exploit: NGircd NOTE: The channel must be EMPTY to let the exploit use +I mode Example: / include include include include include...

CVE-2004-1322

Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages...

CVE-2004-2050

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell...

CVE-2004-1322

Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages...

hztty 2.0 (RedHat 9.0) - Local Privilege Escalation

hztty 2.0 RedHat 9.0 - Local Privilege Escalation / 0x333hztty = hztty 2.0 local root exploit more info : Debian Security Advisory DSA 385-1 note I adjusted some part of hztty's code since there were some errors. hope this will not influence exploitation : tested against Red Hat 9.0 : c0wboy@0x33...

CVE-2002-0706

CVE-2002-0706 affects SurfControl SuperScout WebFilter’s Web Reports Server, specifically the UserManager.js component. The root cause is the use of weak encryption for administrator functions, with a hard-coded key inside a JavaScript function, enabling decryption of the admin password. This all...

asctime-poc

; Proof of concept Code for asctime exploit ; Author: James Martin ; Website: http://www.uuuppz.com ; Email: [email protected] ; ; Usage: ; /asctimepoc notepad c:\autoexec.nat ; /asctimepoc command.com /c echo Your have been rooted c:\rooted.txt ; etc : ; ; /asctimepoc ; Set Show State ; ; Valid...

iBill Management Script - Weak Hard-Coded Password

iBill Management Script - Weak Hard-Coded Password source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default...

iBill Management Script - Weak Hard-Coded Password

source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default password is the client's MASTERACCOUNT name plus two low...

dump 0.4b15 exploit (Redhat 6.2)

Exploit for linux platform in category local exploits ================================ dump 0.4b15 exploit Redhat 6.2 ================================ / dump-0.4b15x.c dump-0.4b15 exploit: Redhat 6.2 dump command executes external program with suid priviledge. affected: /sbin/dump /sbin/dump.stat...

CVE-2000-0784

sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh...

CVE-2000-0784

sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh...

CVE-2000-0784

The CVE concerns the Rapidstream 2.1 Beta VPN appliance where the sshd daemon contains a hard-coded rsadmin account with a null password. This effectively allows remote attackers to authenticate without credentials and execute arbitrary commands via SSH, giving full compromise potential to the de...

connect.asm

; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; ; Why? This evades firewalls... ; This is the well documented testing part of the shellcode ; The code isn't relocatable, isn't optimized and contains NULL chars ; ; YES, this is for NASM, I...

formhandler.cgi.txt

From: Mnemonix Subject: FormHandler.cgi FormHandler.cgi available from http://www.cgi-perl.com/programs/FormHandler uses hard coded physical paths for templates etc so it's possible to get sensitive files like /etc/passwd by modifying a site's f orm and submitting it. Cheers, David Litchfield...