
3819 matches found

Packet Storm
added 2011/06/07 12:00 a.m. | 28 views

IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials

#!/usr/bin/python | tiv-sys.py | IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit | Jeremy Brown 0xjbrown41-gmail-com | June 2011 | Discovered by: Brian Adeloye of Tenable Network Security | This exploit makes use of two vulnerabilities: (1) Base64 authentication credentials hard-coded in lcfd.exe (2) Stack-based...

AI score: 0.3 | Exploits: 0

securityvulns
added 2010/11/18 12:00 a.m. | 53 views

Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038

Matta Consulting - Matta Advisory http://www.trustmatta.com | Cisco Unified Videoconferencing multiple vulnerabilities | Advisory ID: MATTA-2010-001 | CVE reference: CVE-2010-3037 CVE-2010-3038 | Affected platforms: Cisco Unified Videoconferencing 3515, 3522, 3527, 5230, 3545, 5110, 5115 Systems and unspecifi...

CVSS: 10 | AI score: 0.1 | EPSS: 0.03372 | Exploits: 0

securityvulns
added 2010/11/18 12:00 a.m. | 42 views

Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products

Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products | http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml | Revision 1.0 | For Public Release 2010 November 17 1600 UTC (GMT)...

CVSS: 10 | AI score: 0.4 | EPSS: 0.03372 | Exploits: 0

ThreatPost
added 2010/10/24 4:39 p.m. | 11 views

SCADA Vendors Still Need Security Wake Up Call

Companies that make supervisory control and data acquisition (SCADA) and industrial control software are still dangerously lax when it comes to application security and vulnerable to attack, according to a researcher from security firm Tenable Inc. who warned that the use of coded administrative...

AI score: 0.7 | Exploits: 0 | References: 3

OSV
added 2010/06/16 8:30 p.m. | 9 views

CVE-2010-2073

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server...

CVSS: 7.5 | AI score: 7.5 | Exploits: 0 | References: 4

UbuntuCve
added 2010/06/16 8:30 p.m. | 34 views

CVE-2010-2073

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01812 | Exploits: 0 | References: 1

CVE
added 2010/06/16 8:00 p.m. | 50 views

CVE-2010-2073

CVE-2010-2073 affects Pyftpd 0.8.4, where auth_db_config.py contains hard-coded usernames and passwords (test, user, roxon). This enables remote attackers to read arbitrary files from the FTP server due to hard-coded credentials. The issue is documented across multiple sources (NVD entry for CVE-...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01812 | Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2010/06/16 8:00 p.m. | 20 views

CVE-2010-2073

Removed by vendor...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01812 | Exploits: 0

Positive Technologies
added 2010/06/16 12:00 a.m. | 5 views

PT-2010-3684 · Pyftpd · Pyftpd

Name of the Vulnerable Software and Affected Versions: Pyftpd version 0.8.4 | Description: The issue concerns hard-coded usernames and passwords in the auth_db_config.py file for the test, user, and roxon accounts. This allows remote attackers to read arbitrary files from the FTP server...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01812 | Exploits: 0 | References: 6

NVD
added 2010/06/10 12:30 a.m. | 24 views

CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debugcommandpage.asp and (b) debug.cgi...

CVSS: 10 | AI score: 10 | EPSS: 0.20792 | Exploits: 1 | References: 7

Positive Technologies
added 2010/06/10 12:00 a.m. | 5 views

PT-2010-3244 · Linksys · Linksys Wap54Gv3

Name of the Vulnerable Software and Affected Versions: Linksys WAP54Gv3 firmware versions 3.04.03 and earlier | Description: The issue allows remote attackers to execute arbitrary commands due to the use of hard-coded credentials for a debug interface on certain web pages. Specifically, the...

CVSS: 10 | AI score: 9.7 | EPSS: 0.20792 | Exploits: 1 | References: 8

Saint
added 2010/05/25 12:00 a.m. | 40 views

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 | CVE: CVE-2010-0557 | BID: 38084 | OSVDB: 62118 | Background: IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.50788 | Exploits: 9

Saint
added 2010/05/25 12:00 a.m. | 215 views

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 | CVE: CVE-2010-0557 | BID: 38084 | OSVDB: 62118 | Background: IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.50788 | Exploits: 9

Saint
added 2010/05/25 12:00 a.m. | 63 views

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 | CVE: CVE-2010-0557 | BID: 38084 | OSVDB: 62118 | Background: IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.50788 | Exploits: 9

Saint
added 2010/05/25 12:00 a.m. | 44 views

IBM Cognos Express Server Backdoor Account Remote Code Execution

Added: 05/25/2010 | CVE: CVE-2010-0557 | BID: 38084 | OSVDB: 62118 | Background: IBM Cognos Express is an integrated business intelligence (BI) and planning solution which delivers the essential reporting, analysis, dashboard, scorecard, planning, budgeting and forecasting capabilities that midsize companie...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.50788 | Exploits: 9

NVD
added 2009/10/16 4:30 p.m. | 11 views

CVE-2009-3710

RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022...

CVSS: 10 | AI score: 7.2 | EPSS: 0.08728 | Exploits: 1 | References: 3

Cvelist
added 2009/10/16 4:00 p.m. | 16 views

CVE-2009-3710

RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022...

AI score: 7.2 | EPSS: 0.08728 | Exploits: 1 | References: 3

CVE
added 2009/10/16 4:00 p.m. | 51 views

CVE-2009-3710

RioRey RIOS 4.6.6 and 4.7.0 use an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, enabling remote attackers to gain privileges via port 8022. The OpenVAS entry corroborates default credentials exposure; no patch/versioned remediation details are provided in ...

CVSS: 10 | AI score: 7.2 | EPSS: 0.08728 | Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2008/03/04 6:44 p.m. | 9 views

CVE-2008-1079

The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01402 | Exploits: 0 | References: 5

CVE
added 2008/03/04 6:00 p.m. | 37 views

CVE-2008-1079

CVE-2008-1079 affects Beehive Software SendFile.NET. The outboxWriteUnsent function in FTPThread.class within SendFile.jar uses hard-coded credentials for an FTP server, allowing remote attackers to gain privileges. The provided documents do not specify a patch or workaround; exploitation details...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01402 | Exploits: 0 | References: 5 | Affected Software: 1