96 matches found
GE MDS PulseNET Hidden Support Account Remote Code Execution (CVE-2015-6456)
A default credential vulnerability has been reported in GE MDS PulseNET. The vulnerability is due to static credentials of a hidden support account permitting administrator access to the system. A remote attacker can exploit these default credentials to access the system. Once authenticated, the...
ManageEngine OpManager Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager Remote Code Execution', 'Description' = %q This module exploits a default credential vulnerability in...
ManageEngine OpManager - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager Remote Code Execution', 'Description' = %q This module exploits a default credential vulnerability in...
ManageEngine OpManager Remote Code Execution
This module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which cannot be reset through the user interface. By log-in and abusing the...
Sun Java Web Server 1.1.3/2.0 Servlets Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1498/info The servlet sunexamples.RealmDumpServlet, which is packaged by Default with Sun's Java Web Server, can be used to discover ACLs and local users on the server. http://javawebserver.com/pservlet.html User: sherwin...
ZTE WXV10 W300 Multiple Vulnerabilities (Jan 2014) - Active Check
ZTE WXV10 W300 router is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sflog! CMS 1.0 Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Sflog! CMS 1.0...
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Plixer Scrutinize...
WellinTech KingView User Credentials Not Securely Hashed
Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-212-02 WellinTech KingView User Credentials Not Securely Hashed that was published July 30, 2012, on the ICS-CERT Web page. Dr. Wesley McGrew of Mississippi State University has identified a default credential vulnerability in...
PHP Volunteer Management System v1.0.2 Arbitrary File Upload
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Splunk Search Remote Code Execution
This module abuses a command execution vulnerability in the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists in the 'mappy' search command which allows attackers to run Python code. To exploit this vulnerability, a valid Splunk user with the admin role is required. By default,...
Default credentials
The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a 1 username or 2 password via unspecified vectors...
Samsung G3210 Default Login / Password
Hi @all, the Samsung G3210 and probably other versions also, offers a FTP-Server with the default user "ftpuser" and passwort "ftpuser". After login to the router it's possible to change in various directory e.g "/tmp. Now you can easyly download the configuration of the router. The file...
CVE-2004-2298
Novell Internet Messaging System NIMS 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator...
[SA13377] Novell NetMail Default NMAP Authentication Credential Security Issue
TITLE: Novell NetMail Default NMAP Authentication Credential Security Issue SECUNIA ADVISORY ID: SA13377 VERIFY ADVISORY: http://secunia.com/advisories/13377/ CRITICAL: Less critical IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information WHERE: From local...
Cisco Security Advisory: A default Username and Password in WLSE and HSE devices
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a re-release of the Advisory. In the previous Advisory release, it was incorrectly stated that the fix for this vulnerability is a configuration change. That has now been corrected. We apologize for any inconvenience, Cisco PSIRT - ------- Cis...