8064 matches found
CVE-2014-3489
CVE-2014-3489 affects Red Hat CloudForms 3.0 Management Engine (CFME); lib/util/miq-password.rb uses a hard-coded salt, enabling easier brute-force guessing of stored passwords by remote attackers. Documented impact: password guessing via brute force; exposure depends on access to stored credenti...
PT-2014-5355 · Red Hat · Red Hat Cloudforms
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.2.4.2 Description: The issue concerns the use of a hard-coded salt in a password management component, which could facilitate brute force attacks by remote attackers, making it easier to guess passwords...
Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials
Overview Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. CWE-798 Description Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruse...
Stem Innovation ‘IZON’ Hard-coded Credentials
No description provided by source. Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux...
Cisco IOS Bind Shellcode 1.0
No description provided by source. Cisco IOS Bind shellcode v1.0 c 2007 IRM Plc By Varun Uppal. The code creates a new...
BigPond 3G21WB Multiple Vulnerabilities
No description provided by source. Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB. ADVISORY INFORMATION Title: Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21...
TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...
Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)
No description provided by source. Cisco IOS FTP server remote exploit by Andy Davis 2008 Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007 Specific hard-coded addresses for IOS 12.3(18) on a 2621XM router Removes the requirement to authenticate and escalates to level 15 To protect the...
iBill Management Script Weak Hard-Coded Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default password is the client...
FileZilla 2.2.15 FTP Client Hard-Coded Cipher Key Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the...
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...
Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...
Siemens Simatic S7-300 PLC Remote Memory Viewer
No description provided by source. Exploit Title: Siemens Simatic S7 300 Remote Memory Viewer Backdoor Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class Metasploit3 Msf::Auxiliary...
CFME: Default salt value in miq-password.rb
lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...
[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components
Onapsis Security Advisories: Multiple Hard-coded Usernames (CWE-798) have been found and patched in a variety of SAP components. Summaries of the advisories with links to full versions follow: 1. ONAPSIS-2014-011-SAP Project System Structures and...
Morpho Itemiser 3 Hard-Coded Credential
OVERVIEW Independent researchers Billy Rios and Terry McCorkle have identified hard-coded credentials in the Morpho Itemiser 3. Morpho has not produced a patch, update, or new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The followin...
PT-2014-16: Privilege Gaining in Siemens SIMATIC WinCC
The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in SIMATIC WinCC. A hard coded encryption key could allow privilege escalation in the WinCC Project administration application if its network communication on port 1030/tcp of a legitimate user can be...
ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities
Overview ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00BFQ.6C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. Description ZyXEL Wireless N300 NetUSB Router NBG-419N running...
Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness
The remote host is using the Jenkins HP Application Automation tools plugin. Nessus was able to remotely access one or more unprotected files in the Jenkins build system and decrypt the HP Application Lifecycle Management password. These passwords are currently encrypted with a known, hard-coded...
ZTE ZXV10 W300 Wireless Router Hard-coded Password
Nessus was able to login to the remote device using a known hard-coded password prepended with a portion of the device's MAC address obtained from an SNMP request for the admin account. Attackers can exploit this vulnerability to gain full control of the device. TRUSTED...