Hardcoded credentials

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5176

CVE-2014-5176 concerns SAP FI Manager Self-Service, where a hard-coded user name creates a potential backdoor that could allow remote attackers to gain access via unspecified vectors. The underlying issue is the presence of a fixed credential within the affected component, which reduces defense-i...

CVE-2014-5176

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

NETGEAR GS105PE Pro Safe Switch Hard-coded Credentials

The NETGEAR GS105PE Pro Safe Switch has a set of hard-coded credentials 'ntguser / debugpassword' that give access to several CGI control scripts and could allow a remote attacker to : - Modify the serial number and MAC address of the product. produceburn.cgi - Manually set memory to a certain...

Hewlett-Packard Universal CMDB Default Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of Hewlett-Packard Universal CMDB. The...

CVE-2014-3489

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

CVE-2014-3489

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

CVE-2014-3489

CVE-2014-3489 affects Red Hat CloudForms 3.0 Management Engine (CFME); lib/util/miq-password.rb uses a hard-coded salt, enabling easier brute-force guessing of stored passwords by remote attackers. Documented impact: password guessing via brute force; exposure depends on access to stored credenti...

PT-2014-5355 · Red Hat · Red Hat Cloudforms

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.2.4.2 Description: The issue concerns the use of a hard-coded salt in a password management component, which could facilitate brute force attacks by remote attackers, making it easier to guess passwords...

Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials

Overview Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. CWE-798 Description Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruse...

Stem Innovation ‘IZON’ Hard-coded Credentials

No description provided by source. Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux...

Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...

BigPond 3G21WB Multiple Vulnerabilities

No description provided by source. Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB ============================================================================== ADVISORY INFORMATION Title: Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21...

Cisco IOS Bind Shellcode 1.0

No description provided by source. ---------------------------------------------------------------------------------------- Cisco IOS Bind shellcode v1.0 c 2007 IRM Plc By Varun Uppal ---------------------------------------------------------------------------------------- The code creates a new...

TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...

iBill Management Script Weak Hard-Coded Password Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default password is the client...

FileZilla 2.2.15 FTP Client Hard-Coded Cipher Key Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the...

Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)

No description provided by source. / Cisco IOS FTP server remote exploit by Andy Davis 2008 Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007 Specific hard-coded addresses for IOS 12.318 on a 2621XM router Removes the requirement to authenticate and escalates to level 15 To protect the...

TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...

Siemens Simatic S7-300 PLC Remote Memory Viewer

No description provided by source. Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class Metasploit3 Msf::Auxiliary...