8034 matches found
RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable password
Overview RuggedCom Rugged Operating System ROS contains a hard-coded user account with a predictable password. Description RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account named "factory" that cannot be disabled. The...
WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (Telnet)
WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (HTTP)
WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
CVE-2011-5064
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
CVE-2010-4965
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...
IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials
!/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials hard-coded in lcfd.exe 2 Stack-based...
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
Matta Consulting - Matta Advisory http://www.trustmatta.com Cisco Unified Videoconferencing multiple vulnerabilities Advisory ID: MATTA-2010-001 CVE reference: CVE-2010-3037 CVE-2010-3038 Affected platforms: Cisco Unified Videoconferencing 3515,3522,3527,5230,3545, 5110,5115 Systems and unspecifi...
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml Revision 1.0 For Public Release 2010 November 17 1600 UTC GMT...
SCADA Vendors Still Need Security Wake Up Call
Companies that make supervisory control and data acquisition SCADA and industrial control software are still dangerously lax when it comes to application security and vulnerable to attack, according to a researcher from security firm Tenable Inc. who warned that the use of coded administrative...
VulnCheck KEV: CVE-2010-2772
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568...
CVE-2010-2772
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568...
CVE-2010-2772
CVE-2010-2772 affects Siemens SIMATIC WinCC and SIMATIC PCS 7: a security bypass via default hard-coded SQL credentials allows remote attackers to access the backend database with administrative-like access. The vulnerability is tied to use of default credentials in the WinCC SQL server, permitti...