Pornhub: Weak user aunthentication on mobile application - I just broken userKey secret password

The researcher discovered a hard coded authentication bypass on the mobile app...

HP Data Protector Hard-coded Cryptographic Key (HPSBGN03580)

The HP Data Protector application running on the remote host contains an embedded SSL private key that is shared across all installations. An attacker can exploit this to perform man-in-the-middle attacks against the host or have other potential impacts. %NASLMINLEVEL 70300 C Tenable Network...

Merit Lilin IP Cameras - Multiple Vulnerabilities

/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com securityadivisory @orwelllabs ;r By sitting in the alcove, and keeping well back, Winston was able to remain outside the range of the telescreen... Adivisory Information...

Merit Lilin IP Cameras - Multiple Vulnerabilities

Exploit for cgi platform in category web applications Adivisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: Merit Lilin IP Cameras Multiple Vulnerabilities + Vendor: Merit Lilin Enterprise Co., Ltd. + Research and Advisory: Orwelllabs + Adivisory URL:...

Merit Lilin IP Cameras - Multiple Vulnerabilities

Merit Lilin IP Cameras - Multiple Vulnerabilities / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com securityadivisory @orwelllabs ;r By sitting in the alcove, and keeping well back, Winston was able to remain outside the...

Systech SysLINK M2M Modular Gateway Privilege Gain Vulnerability

The Systech SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway is a router product from Systech, Inc. that provides DHCP, NAT, VPN, and firewall features. A privilege-acquisition vulnerability exists in the web interface of the Systech SysLINK SL-1000 M2M Modular Gateway using firmware prior ...

SysLINK M2M Modular Gateway contains multiple vulnerabilities

Overview The SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway contains multiple vulnerabilities. Description According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:CWE-259: Use of Hard-coded Password - CVE-2016-2331 By default, the device's we...

TH692 Outdoor P2P HD Waterproof IP Camera - Hard Coded Credentials

Exploit for hardware platform in category dos / poc Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage:...

TH692 Outdoor P2P HD Waterproof IP Camera Hard-Coded Credentials

Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html...

TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials

TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage:...

TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials

Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Adivisory Information ===================== Vendor: Brickcom Corporation CVE-Number:N/A Adivisory-URL: http://www.orwelllabs.com/2016/04/Brickcom-Multiple-Vulnerabilities.html OLSA-ID: OLSA-2015-12-12 Impact: High especially because some ...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

Brickcom Corporation Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...

Pro-face GP-Pro EX Security Bypass Vulnerability

Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software. The Pro-face GP-Pro EX's FTP server uses hard-coded credentials, allowing remote attackers to exploit the vulnerability to access items in the device and obtain sensitive information...

Pro-face GP-Pro EX Authentication Bypass Vulnerability

Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from American Pro-face. The Pro-face GP-Pro EX has a security vulnerability due to the use of hard-coded certificates by the FTP server. A remote attacker could exploit the vulnerability to access items in the device...

Patterson Dental Eaglesoft Information Disclosure Vulnerability

Patterson Dental Eaglesoft is a suite of dental records software from Patterson Dental Supply Patterson Dental in the United States. An information disclosure vulnerability exists in Patterson Dental Eaglesoft that arises from the program using the same hard-coded credentials across different use...

Patterson Dental Eaglesoft uses a hard-coded database password across installations

Overview Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials- CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...

Cisco Prime LAN Management Solution Hardcoding Vulnerability

Cisco Prime LAN Management Solution is a LAN-based network management solution from Cisco. A hard-coded vulnerability exists in Cisco Prime LAN Management Solution, which allows a local attacker to decrypt data in the LMS database using a hard-coded key to compromise an affected device...