318 matches found
CVE-2018-9010
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password...
YzmCMS_v3.6 Arbitrary File Deletion Vulnerability
YzmCMS is a lightweight, open source content management system based on a PHP+MySQL architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. YzmCMS v3.6 has an arbitrary file deletion vulnerability. Attackers, by cracking the background default account password, construct URL...
CVE-2017-3186
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials...
UserPro <= 4.9.17 - Authentication Bypass
The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected. 1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?upautolog=true to the...
Axesstel MU553S Default Password Vulnerability
The Axesstel MU553S is a router from Axesstel USA. A security vulnerability exists in the Axesstel MU553S MU55XS-V1.14 version that originates from the use of the default 'admin' password for the administrator account. An attacker can exploit the vulnerability to perform unauthorized operations...
CVE-2017-11351
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account...
Unspecified Vulnerability in Green Packet DX-350
The Green Packet DX-350 is a network access point device from Green Packet USA. A security vulnerability exists in the Green Packet DX-350 using firmware version 2.8.9.5-g1.4.8-atheeb, which stems from the administrator account having a default password. No details of the vulnerability are provid...
Cisco Elastic Services Controller Default Administrator Credentials Vulnerability
Cisco Elastic Services Controller is a cloud and systems management solution. Cisco Elastic Services Controller has a security vulnerability in the ConfD CLI implementation that stems from the presence of a default, weak, hard-coded password for the admin user on the affected system. A remote...
CVE-2017-6131
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at...
File Upload Vulnerability in Kirin Fortress
Kirin Fortress is the open source operations and maintenance fortress. A file upload vulnerability exists in cadminbackup.class.php in KyLin Fortress. As a result of utilizing the default administrator account admin, password 12345678 to log into the system, in system management, software upgrade...
IBM DataPower Gateway < 7.5.2.2 Default Admin Password Security Bypass
According to its self-reported version, the IBM DataPower Gateway running on the remote host is prior to 7.5.2.2. It is, therefore, affected by a security bypass vulnerability due to the default password still being accepted as valid if the administrator logs in before the startup configuration i...
ntopng Default Admin Credentials (HTTP)
This script detects default admin credentials for ntopng via HTTP. Copyright (C) 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Multiple SONY Videoconference Systems do not properly perform authentication
Overview: Multiple SONY Videoconference Systems have a default user account which does not require authentication to log in to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with...
Loxone Smart Home Default Admin Login (HTTP)
The remote Loxone installation has default credentials set. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SS-2016-005: Brute force bypass on default admin
More info at https://www.silverstripe.org/download/security-releases/ss-2016-005/...
Schneider Electric StruxureWare Building Operation Automation Server msh bypass
Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...
ZyXEL NBG-418N devices with firmware credential management vulnerability
ZyXEL NBG-418N is a wireless broadband router from ZyXEL Technology. A credential management vulnerability exists in the ZyXEL NBG-418N devices with firmware 1.00 AADZ.3 C0. Since the device's web management interface C0 has a 1234 administrator account, it allows a remote attacker to connect via...