8064 matches found
GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials
Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor Homepage: http://www.gsx.com/products/gsx-analyzer Software Link:...
Trane ComfortLink II Privilege Access Vulnerability
Trane ComfortLink II is a set of connection control components for use in home intelligence systems from Trane UK. A privilege-acquisition vulnerability exists in the Trane ComfortLink II using firmware version 2.0.2, which originates from the program's installation of user credentials with a...
Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass
Overview The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Description CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288. The firmware for these devices contains a hard-coded RSA private key,...
IBM Security Guardium Database Activity Monitor Information Disclosure Vulnerability
IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A security vulnerability exists in IBM Security Guardium Database...
Fonality FTP Hardcoding Vulnerability
Fonality is an open source telephone switch solution with integrated VoIP and CRM features. Fonality FTP uses hard-coded usernames and passwords with a security vulnerability that allows remote attackers to log in as 'nobody' and obtain a shell...
Configuration option control vulnerability in various GE products
GE ML800 and others are Ethernet switch products from General Electric (GE). Various GE products use hard-coded certificates, allowing a remote attacker to exploit the vulnerability to gain administrator privileges for device configuration and control all available configuration options through a w...
Fonality contains a hard-coded password and embedded SSL private key
Overview Fonality (previously trixbox Pro) version 12.6 and later uses a hard-coded password, and the accompanying HUDweb plugin embeds a private SSL key. Description CWE-259: Use of Hard-coded Password - CVE-2016-2362. According to the reporter, FTP is used to sync phone configurations for users, by...
Lorex ECO DVR Backdoor Account
1. ADVISORY INFORMATION Product: Lorex ECO DVR Vendor URL: https://www.lorextechnology.com/ Type: Hard coded password CWE-259 Date found: 2016-05-04 Date published: 2016-05-30 CVE: - 2. CREDITS This vulnerability w...
MEDHOST Perioperative Information Management System Unauthorized Operation Vulnerability
MEDHOST Perioperative Information Management System (PIMS) is a suite of solutions covering surgical treatment, nursing care and other services from MEDHOST, Inc. that includes an anesthesia information management system (AIMS), remote host control and streamlined patient tracking. A security...
MEDHOST Perioperative Information Management System contains hard-coded database credentials
Overview MEDHOST Perioperative Information Management System (PIMS) versions prior to 2015R1 contain hard-coded credentials that are used for customer database access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-4328. MEDHOST PIMS, previously branded as VPIMS, contains hard-coded...
Lantronix xPrintServer Privilege Gain Vulnerability
Lantronix xPrintServer is a print server from Lantronix Network Technologies USA. A security vulnerability exists in the Lantronix xPrintServer using firmware versions prior to 5.0.1-65 that stems from the program's use of hard-coded certificates. A remote attacker could exploit the vulnerability...
Lantronix xPrintServer contains multiple vulnerabilities
Overview The Lantronix xPrintServer and its accompanying cloud storage API contain several vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2014-9002. An unauthenticated attacker can include a shell command inside the 'c'...
Pornhub: Weak user authentication on mobile application - I just broken userKey secret password
The researcher discovered a hard coded authentication bypass on the mobile app...
HP Data Protector Hard-coded Cryptographic Key (HPSBGN03580)
The HP Data Protector application running on the remote host contains an embedded SSL private key that is shared across all installations. An attacker can exploit this to perform man-in-the-middle attacks against the host or have other potential impacts.
Merit Lilin IP Cameras - Multiple Vulnerabilities
Merit Lilin IP Cameras - Multiple Vulnerabilities. www.orwelllabs.com securityadivisory @orwelllabs. By sitting in the alcove, and keeping well back, Winston was able to remain outside the...
Merit Lilin IP Cameras - Multiple Vulnerabilities
Exploit for cgi platform in category web applications. Advisory Information + Title: Merit Lilin IP Cameras Multiple Vulnerabilities + Vendor: Merit Lilin Enterprise Co., Ltd. + Research and Advisory: Orwelllabs + Advisory URL:...
Merit Lilin IP Cameras - Multiple Vulnerabilities
www.orwelllabs.com securityadivisory @orwelllabs. By sitting in the alcove, and keeping well back, Winston was able to remain outside the range of the telescreen... Advisory Information...
Systech SysLINK M2M Modular Gateway Privilege Gain Vulnerability
The Systech SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway is a router product from Systech, Inc. that provides DHCP, NAT, VPN, and firewall features. A privilege-acquisition vulnerability exists in the web interface of the Systech SysLINK SL-1000 M2M Modular Gateway using firmware prior ...
SysLINK M2M Modular Gateway contains multiple vulnerabilities
Overview The SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway contains multiple vulnerabilities. Description According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities: CWE-259: Use of Hard-coded Password - CVE-2016-2331. By default, the device's we...
TH692 Outdoor P2P HD Waterproof IP Camera Hard-Coded Credentials
Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html...