8064 matches found

ICS
added 2017/04/04 12:0 a.m., 55 views

Marel Food Processing Systems (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload, Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVSS 10, AI score 0.5, EPSS 0.02126
Exploits 0, References 31

ICS
added 2017/04/04 12:0 a.m., 68 views

Marel Food Processing Systems (Update B)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload, Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled...

CVSS 9.8, AI score 10, EPSS 0.01848
Exploits 0, References 2

android
added 2017/04/01 12:0 a.m., 36 views

CVE-2014-9931

A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value...

CVSS 9.3, AI score 5.9, EPSS 0.0063
Exploits 0, References 2

Packet Storm
added 2017/03/27 12:0 a.m., 41 views

Github Enterprise Default Session Secret And Deserialization

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Github Enterprise Default Session Secret And Deserialization Vulnerability", 'Description' = %q This module exploits two securi...

AI score 0.6
Exploits 0

Exploit DB
added 2017/03/27 12:0 a.m., 51 views

Github Enterprise - Default Session Secret and Deserialization (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Github Enterprise Default Session Secret And Deserialization Vulnerability", 'Description' = %q This module exploits two securi...

AI score 7.4
Exploits 0

ICS
added 2017/03/23 12:0 a.m., 32 views

ICSMA-17-082-01_BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability

OVERVIEW Becton, Dickinson and Company BD has identified a hard-coded password vulnerability in BD’s Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database. BD has produced compensating controls to reduce the risk of exploitation of the identified vulnerability ...

CVSS 9.8, AI score 9.8, EPSS 0.01752
Exploits 0, References 2

CNVD
added 2017/03/03 12:0 a.m., 2 views

Hard-coded credential vulnerability in multiple Veritas products

Veritas NetBackup Appliance is an enterprise-class backup management appliance; NetBackup Server is a set of enterprise-class backup management servers that can run on multiple operating systems. A hard-coded credential vulnerability exists in multiple Veritas products. An attacker could exploit...

CVSS 9.8, AI score 6.9, EPSS 0.26677
Exploits 0, References 1

CNVD
added 2017/03/02 12:0 a.m., 1 views

IBM QRadar SIEM Local Hardcoded Credential Information Disclosure Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A local hard-coded...

CVSS 7.8, AI score 6, EPSS 0.00192
Exploits 0, References 1

CNVD
added 2017/03/02 12:0 a.m., 2 views

WePresent WiPG-1500 Backdoor Vulnerability

WePresent WiPG-1500 is a new gateway by AWIND, WiPG-1500 connects multi-platform devices Windows / Mac / Pad / Smartphone / AirPad for interactive presentations by supporting finger touch technology and virtual whiteboard. WePresent WiPG-1500 has a backdoor vulnerability. An attacker can connect ...

CVSS 9.3, AI score 7, EPSS 0.07117
Exploits 4, References 1

CNVD
added 2017/02/28 12:0 a.m., 0 views

Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hard-Coded Encryption Key Vulnerability

Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches are both industrial Ethernet managed switches from Red Lion Controls, USA. A hard-coded encryption key vulnerability exists in Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 and earlier...

AI score 6.8
Exploits 0, References 1

exploitpack
added 2017/02/27 12:0 a.m., 20 views

WePresent WiPG-1500 - Backdoor Account

WePresent WiPG-1500 - Backdoor Account Exploit Title: CVE-2017-6351 - WePresent undocumented privileged manufacturer backdoor account Date: 27/02/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.wepresentwifi.com/ or http://www.awindinc.com/productswepresentwipg1500.html Software...

CVSS 9.3, AI score 8.2, EPSS 0.07117
Exploits 4

ICS
added 2017/02/23 12:0 a.m., 71 views

Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability

CVSS v3 10 ATTENTION: Remotely exploitable. Low skill level is needed to exploit. Vendor: Red Lion Controls, AutomationDirect Equipment: Sixnet-Managed Industrial Switches and STRIDE-Managed Ethernet Switches Vulnerability: Use of Hard-coded Cryptographic Keys AFFECTED PRODUCTS The following Red...

CVSS 10, AI score 9.8, EPSS 0.01563
Exploits 0, References 3

CERT
added 2017/02/15 12:0 a.m., 22 views

Hughes satellite modems contain multiple vulnerabilities

Overview Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Description Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not...

CVSS 8.8, AI score 8, EPSS 0.02214
Exploits 0

OSV
added 2017/02/13 9:59 p.m., 1 views

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVSS 8.6, AI score 5.8, EPSS 0.0165
Exploits 0, References 2

OSV
added 2017/02/13 9:59 p.m., 2 views

CVE-2016-9353

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use...

CVSS 7.8, AI score 5.8, EPSS 0.00387
Exploits 0, References 2

OSV
added 2017/02/13 9:59 p.m., 3 views

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

CVSS 9.8, AI score 5.8, EPSS 0.01821
Exploits 0, References 2

OSV
added 2017/02/13 9:59 p.m., 4 views

CVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

CVSS 9.8, AI score 5.8, EPSS 0.01944
Exploits 0, References 2

ATTACKERKB
added 2017/02/13 9:59 p.m., 3 views

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVSS 8.6, AI score 5.5, EPSS 0.0165
Exploits 0, References 3

Cvelist
added 2017/02/13 9:0 p.m., 23 views

CVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

AI score 9.5, EPSS 0.01944
Exploits 0, References 2

Cvelist
added 2017/02/13 9:0 p.m., 30 views

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

AI score 9.4, EPSS 0.01821
Exploits 0, References 2