WePresent WiPG-1500 - Backdoor Account

WePresent WiPG-1500 - Backdoor Account Exploit Title: CVE-2017-6351 - WePresent undocumented privileged manufacturer backdoor account Date: 27/02/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.wepresentwifi.com/ or http://www.awindinc.com/productswepresentwipg1500.html Software...

Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability

CVSS v3 10 ATTENTION: Remotely exploitable. Low skill level is needed to exploit. Vendor: Red Lion Controls, AutomationDirect Equipment: Sixnet-Managed Industrial Switches and STRIDE-Managed Ethernet Switches Vulnerability: Use of Hard-coded Cryptographic Keys AFFECTED PRODUCTS The following Red...

Hughes satellite modems contain multiple vulnerabilities

Overview Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Description Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not...

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVE-2016-9353

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use...

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

CVE-2016-8567

CVE-2016-8567 affects Siemens SICAM PAS prior to version 8.00. A factory account with hard-coded passwords could allow attackers to gain privileged access to the SICAM PAS database via port 2638/TCP. The vulnerability is rated high/critical (CVSS v3 base 9.8) with remote exploitation potential. S...

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

CVE-2016-5818

CVE-2016-5818 affects Schneider Electric PowerLogic PM8ECC module up to version 2.651. The vulnerability arises from undocumented hard-coded credentials that grant access to the device, enabling remote access to configuration data. Public advisories note a remote-exploit possibility; no widely kn...

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

BINOM3 Electric Power Quality Meter Hard-Coded Vulnerability

BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. A hard-coded vulnerability exists in BINOM3 Electric Power Quality Meter, where users do not have permission to change their passwords...

CVE-2016-8954

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...

Hardcoded credentials

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...

CVE-2016-8954

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...

CVE-2016-8954

IBM dashDB Local (v1.0.0–v1.3.1) is affected by CVE-2016-8954 due to hard-coded credentials that could allow a remote attacker to access the Docker container or the database. The IBM security bulletin confirms a high-severity flaw (CVSS v3 base 9.8) with remote, unauthenticated access leading to ...

[SECURITY] [DLA 795-1] hesiod security update

Package : hesiod Version : 3.0.2-21+deb7u1 CVE IDs : CVE-2016-10151 CVE-2016-10152 Debian Bugs : 852094, 852093 It was discovered that there were two vulnerabilities in hesiod, Project Athenas DNS-based directory service: CVE-2016-10151: A weak SUID check allowing privilege elevation...

IBM dashDB Local Hardcoding Vulnerability

IBM dashDB Local is a next-generation data warehouse storage and analytics solution from IBM USA for use in private clouds, virtual private clouds, and other container-enabled infrastructures. The solution features flexible container delivery, hybrid environment to store data, Spark in-memory bas...