HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions

/ Exploit Title: HP Insight Control for VMware vCenter Server Multiple Vulnerabilities Date: 11/05/2014 Author: Glafkos Charalambous Version: 7.3 Vendor: HP Vendor URL: http://www.hpe.com HP Case: SSRT101619 Product Description: HP Insight Control for VMware vCenter Server Insight Control for...

Ichano AtHome IP Cameras Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and table...

CVE-2014-8389

CVE-2014-8389 affects AirLive IP cameras (MD-3025, BU-3026, BU-2015, WL-2000CAM, POE-200CAM). The vulnerability is an OS command injection in the CGI binaries: cgi_test.cgi on the MD-3025/BU-3026/BU-2015 (injection via certain parameters such as write_tan, etc.), and wireless_mft.cgi on WL-2000CA...

Ichano AtHome IP Cameras Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute....

CVE-2017-17107

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

Sonatype Nexus Repository Manager Weak Password Vulnerability

Sonatype Nexus Repository Manager is a maven repository manager. A security vulnerability exists in the LDAP integration feature in Sonatype Nexus Repository Manager 2.14.5 and earlier versions, which stems from the program's use of hard-coded CMMDwoV values to encrypt passwords. An attacker coul...

Ichano AtHome IP Cameras - Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute....

Ichano AtHome IP Cameras - Multiple Vulnerabilities

Ichano AtHome IP Cameras - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into...

CVE-2017-17107

CVE-2017-17107 affects Zivif PR115-204-P-RS Webcams (version 2.3.4.2103). The root user password is hard-coded as cat1029, and the SONIX OS setup makes it unchangeable, enabling root access via TELNET. This CVE is part of a set (CVE-2017-17105, -17106, -17107) describing authentication bypass, co...

CVE-2017-17107

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

Weak Implementation Of Password Cipher

nexus-ldap-common contains a weak implementation of password cipher. It stores the LDAP bind password using the PBE Key Spec with only 23 iterations and a hard-coded password. This allows the cipher to be easily defeated...

Zivif Web Cameras Multiple Vulnerabilities

Implementation of access controls is Zivif cameras is severely lacking.As a result, CGI functions can be called directly, bypassing authentication checks. This was first identified with the following request CVE-2017-17106 http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this...

Unspecified Vulnerability in Dell Storage Manager

Dell Storage Manager is an application for managing and monitoring multiple Storage Center, PS Series portfolio FluidFS from Dell USA. A security vulnerability exists in Dell Storage Manager versions prior to 16.3.20 aka 2016 R3.20 that stems from the program's use of a hard-coded password to...

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

Hardcoded credentials

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVE-2017-14374

Dell Storage Manager before 16.3.20 (2016 R3.20) stores a hard-coded password for the SMI-S service. A remote attacker who knows the credential could disable the SMI-S service via HTTP requests, impacting storage management and monitoring through the SMI-S interface. Affected platform is Windows ...

CVE-2017-14374

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 aka 2016 R3.20 is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionalit...

CVE-2017-2720

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...

CVE-2017-2720

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...