TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials

TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage:...

Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Brickcom Corporation Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Adivisory Information ===================== Vendor: Brickcom Corporation CVE-Number:N/A Adivisory-URL: http://www.orwelllabs.com/2016/04/Brickcom-Multiple-Vulnerabilities.html OLSA-ID: OLSA-2015-12-12 Impact: High especially because some ...

Pro-face GP-Pro EX Security Bypass Vulnerability

Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software. The Pro-face GP-Pro EX's FTP server uses hard-coded credentials, allowing remote attackers to exploit the vulnerability to access items in the device and obtain sensitive information...

Patterson Dental Eaglesoft Information Disclosure Vulnerability

Patterson Dental Eaglesoft is a suite of dental records software from Patterson Dental Supply Patterson Dental in the United States. An information disclosure vulnerability exists in Patterson Dental Eaglesoft that arises from the program using the same hard-coded credentials across different use...

Patterson Dental Eaglesoft uses a hard-coded database password across installations

Overview Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials- CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...

Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net

Recently, the BLUE BOX company's security researchers found: RSA 2 0 1 6 The General Assembly on the use of badge scanning APP there is a hard-coded default passwords. This year, RSA 2 0 1 6 The participants will get a unique surprise: the General Assembly, as many manufacturers offer a Samsung...

Sixnet BT Series Hard-coded Credentials Vulnerability

OVERVIEW Independent researcher Neil Smith has identified a hard-coded credential vulnerability in Sixnet’s BT series routers. Sixnet has produced patches and new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. Exploits that target this vulnerability are...

QNAP Systems iArtist Lite Hardcoding Vulnerability

QNAP Systems iArtist Lite is a suite of ad editing software for QNAP NAS. QNAP Systems iArtist Lite uses hard-coded FTP accounts and passwords, allowing remote attackers to sniff the network for FTP transfer data...

QNAP Signage Station and iArtist Lite contain multiple vulnerabilities

Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022An authenticated attacker without administrative permissions may upload a...

Harman AMX multimedia devices contain hard-coded credentials

Overview Multiple models of Harman AMX multimedia devices contain a hard-coded debug account. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-8362According to the researchers' blog post, several models of Harman AMX multimedia devices contain a hard-coded "backdoor" account with...

Pro-face GP-Pro EX HMI Vulnerabilities

OVERVIEW ZDI Zero Day Initiative has identified one information disclosure and two buffer overflow vulnerabilities, and independent researcher Jeremy Brown has identified hard-coded credentials in Pro-face’s GP-Pro EX HMI software. Pro-face has produced a module to mitigate these vulnerabilities...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities

OVERVIEW Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies Security Lab and independent researcher Alisa Esage Shevchenko have identified vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patch...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-085-01 Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities, that was published March 26, 2015, to the NCCIC/ICS-CERT web site. Gleb Gritsai, Ilya Karpov, and Kirill Nesterov o...

Janitza Hard-Coded FTP Password

The remote Janitza FTP server can be accessed with hard-coded credentials. A remote attacker can leverage the credentials to upload and download arbitrary files. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid86905; scriptversion"1.7"; scriptcvsdate"Date: 2018/11/15...

ZTE ZXHN H108N R1A routers contain multiple vulnerabilities

Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.hPE, and ZXV10 W300 router, version W300V1.0.0fER1PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials...

GE Multilink Switch Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...

ZOHO ManageEngine OpManager Hardcoded Credentials Vulnerability

ZOHO ManageEngine OpManager is network performance management software. A hard-coded credentials vulnerability exists in ZOHO ManageEngine OpManager. A remote attacker could exploit this vulnerability to gain administrator access...