Ceragon FiberAir IP-10 Hardcoded Credentials Security Bypass Vulnerability

The Ceragon FiberAir IP-10 is a wireless microwave device. A security vulnerability exists in the hard-coded credentials of the Ceragon FiberAir IP-10, which could be exploited by an attacker to bypass certain authentication to access the device...

GE Ethernet Switches Have Hard-Coded SSL Key

There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number...

OS X 10.9.x - sysmond XPC Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits / Source: https://code.google.com/p/google-security-research/issues/detail?id=121 / / tested on OS X 10.9.5 - uses some hard-coded offsets which will have to be fixed-up for other versions! this poc uses liblorgnette to resolve some private...

Hospira MedNet Vulnerabilitie

OVERVIEW Independent researcher Billy Rios has identified four vulnerabilities in Hospira’s MedNet server software. Hospira has released a new version of the MedNet software and provided mitigation recommendations that mitigate the reported vulnerabilities. Three of the four vulnerabilities could...

Netcore (Netis) Router 53413/UDP Backdoor Service Vulnerability

Netcore is a Shenzhen Lei Ke network communications producer, the main products involved in wireless routers, wireless network cards, network cards, hubs, switches, broadband routers, Layer 2, 3 and 4 switches, optical terminals. A large number of Netcore/Netis router products in the implementati...

CVE-2014-8518

The 1 Removable Media and 2 CD and DVD encryption offsite access options formerly Endpoint Encryption for Removable Media or EERM in McAfee File and Removable Media Protection FRP 4.3.0.x, and Endpoint Encryption for Files and Folders EEFF 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...

CVE-2014-8518

The 1 Removable Media and 2 CD and DVD encryption offsite access options formerly Endpoint Encryption for Removable Media or EERM in McAfee File and Removable Media Protection FRP 4.3.0.x, and Endpoint Encryption for Files and Folders EEFF 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...

Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7

Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data. The flaws technically exist in WinCC, a SCADA supervisory control and data acquisition and HMI human-machine interface syst...

HardCoded Backdoor Found in China-made Netis, Netcore Routers

Routers manufactured and sold by Chinese security vendor have a hard-coded password that leaves users with a wide-open backdoor that could easily be exploited by attackers to monitor the Internet traffic. The routers are sold under the brand name Netcore in China, and Netis in other parts of the...

TP-Link IP cameras multiple vulnerabilities detailed analysis-vulnerability warning-the black bar safety net

Vulnerability description: In the TP-LinkTL-SC3171 IP Cameras Network Camera version of the LM. 1. 6. 18P12sign5 of the firmware found on the multiple vulnerabilities, these vulnerabilities allow an attacker to do the following things: 1: The CVE-2 0 1 3-2 5 7 8 file /cgi-bin/admin/servetest...

Cobham Aviator satellite terminals contain multiple vulnerabilities

Overview Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities:CWE-327:Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...

[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-024: Hard-coded Username in SAP FI Manager Self-Service This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...

CVE-2014-5176

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

Hardcoded credentials

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5176

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-5176

CVE-2014-5176 concerns SAP FI Manager Self-Service, where a hard-coded user name creates a potential backdoor that could allow remote attackers to gain access via unspecified vectors. The underlying issue is the presence of a fixed credential within the affected component, which reduces defense-i...

NETGEAR GS105PE Pro Safe Switch Hard-coded Credentials

The NETGEAR GS105PE Pro Safe Switch has a set of hard-coded credentials 'ntguser / debugpassword' that give access to several CGI control scripts and could allow a remote attacker to : - Modify the serial number and MAC address of the product. produceburn.cgi - Manually set memory to a certain...

Hewlett-Packard Universal CMDB Default Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of Hewlett-Packard Universal CMDB. The...

CVE-2014-3489

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

CVE-2014-3489

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...