162 matches found
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials
Cisco Firepower Threat Management Console 6.0.1 - Hard-Coded MySQL Credentials KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date:...
BSNL Teracom Router Firmware Rewrite / Link Modification
Multiple Vulnerabilities in TERACOM ROUTER Author: Ajay Gowtham aka AJOXR Contact: gowtham.ajay5 at gmail.com Vulnerability Type: Insecure Upload File Permissions Affected Module: Upload Functionality Criticality: Medium Device Model: BSNL Teracom T2-B-Gawv1.4U10Y-BI is WiFi enabled ADSL2+...
Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
Are millions of enterprise users, who rely on the next-generation firewalls for protection, actually protected from hackers? Probably Not. Just less than a month after an unauthorized backdoor found in Juniper Networks firewalls, an anonymous security researcher has discovered highly suspicious...
CVE-2015-4136: SSH Authorisation permitted for a user with hard-coded credentials in Windows Stock Image (Windows Server 2012 R2) AMI
In Bamboo 5.8.0 and 5.8.1 the Windows Stock Image Windows Server 2012 R2 AMI contain a 'bamboo' user which is configured with a publicly known password. While the 'bamboo' user is not allowed RDP access it was permitted to login through SSH on instances using the affected AMI. In the event that a...
CVE-2014-8518
The 1 Removable Media and 2 CD and DVD encryption offsite access options formerly Endpoint Encryption for Removable Media or EERM in McAfee File and Removable Media Protection FRP 4.3.0.x, and Endpoint Encryption for Files and Folders EEFF 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...
iBill Management Script Weak Hard-Coded Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default password is the client...
Sitecom N300/N600 Devices - Multiple Vulnerabilities
Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits: Roberto Paleari [email protected],...
Multiple vulnerabilities on Sitecom N300/N600 devices
Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits: Roberto Paleari [email protected],...
Sitecom WLM-3500 backdoor accounts
Sitecom WLM-3500 backdoor accounts ================================== ADVISORY INFORMATION Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits: Roberto Paleari [email protected], @rpaleari Advisory URL:...
Siemens Simatic S7-300 - PLC Remote Memory Viewer (Metasploit)
Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class Metasploit3 'Siemens Simatic S7-300 PLC Remote Memory Viewer',...
RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable password
Overview RuggedCom Rugged Operating System ROS contains a hard-coded user account with a predictable password. Description RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account named "factory" that cannot be disabled. The...
CVE-2010-1573
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the 1 data1, 2 data2, or 3 data3 parameters to a Debugcommandpage.asp and b debug.cgi...
Maran PHP Shop - admin.php Insecure Cookie Handling
Maran PHP Shop - admin.php Insecure Cookie Handling Maran PHP Shop admin.php Insecure Cookie Handling Vulnerability url: http://www.maran.pamil-visions.com/maranshop.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was writte...
CVE-2007-2032
Cisco Wireless Control System WCS before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014...
CVE-2007-2032
Cisco Wireless Control System WCS before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014...
CVE-2007-1063
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.04SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device...
CVE-2007-1063
Cisco Unified IP Phone models 7906G/7911G/7941G/7961G/7970G/7971G running firmware 8.0(4)SR1 and earlier have a hard-coded SSH credential issue in the SSH server that lets remote attackers access the device. Connected sources (NVD, Tenable, PRION, CVE lists) confirm the root cause as embedded cre...
Secure Elements Class 5 AVR server contains hard-coded user ID and password
Overview The Secure Elements Class 5 AVR server contains a hard-coded user ID and password. This may allow a remote unauthenticated attacker to gain access to the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors an...
CVE-2005-3803
Cisco IP Phone VoIP 7920 1.08 contains certain hard-coded "fixed" public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information...
CVE-2005-3803
Cisco IP Phone 7920 (VoIP) 1.0(8) is affected by hard-coded public and private SNMP community strings that cannot be changed, enabling potential remote information disclosure. The issue is documented across NVD/Nessus and Cisco advisories, with a vendor alert suggesting that fixed SNMP communitie...