PT-2005-1470 · Citrusdb · Citrusdb

Name of the Vulnerable Software and Affected Versions: CitrusDB versions 0.3.6 and earlier Description: The issue allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in t...

CVE-2005-0349

The CVE-2005-0349 entry covers BrightStor ARCserve Backup 11.1 UniversalAgent for UNIX, where the production release contains hard-coded credentials that enable remote access to the file system and may allow execution of arbitrary commands. Connected details specify a default/admin-like account w...

CVE-2005-0349

The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands...

[Full-Disclosure] iDEFENSE Security Advisory 02.10.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Backdoor Vulnerability

Computer Associates BrightStor ARCserve Backup UniversalAgent Backdoor Vulnerability iDEFENSE Security Advisory 02.10.05 www.idefense.com/application/poi/display?id=198&type=vulnerabilities February 10, 2005 I. BACKGROUND BrightStor ARCserve Backup r11.1 delivers leading backup and restore...

CVE-2004-1322

Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages...

CVE-2004-2050

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell...

CVE-2004-1322

Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages...

CVE-2002-0706

CVE-2002-0706 affects SurfControl SuperScout WebFilter’s Web Reports Server, specifically the UserManager.js component. The root cause is the use of weak encryption for administrator functions, with a hard-coded key inside a JavaScript function, enabling decryption of the admin password. This all...

iBill Management Script - Weak Hard-Coded Password

iBill Management Script - Weak Hard-Coded Password source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default...

iBill Management Script - Weak Hard-Coded Password

source: https://www.securityfocus.com/bid/3476/info iBill is an Internet billing company that provides secure payment processing for e-commerce. A vulnerability exists in iBill's CGI password management script called ibillpm.pl. The default password is the client's MASTERACCOUNT name plus two low...

CVE-2000-0784

sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh...

CVE-2000-0784

sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh...

CVE-2000-0784

The CVE concerns the Rapidstream 2.1 Beta VPN appliance where the sshd daemon contains a hard-coded rsadmin account with a null password. This effectively allows remote attackers to authenticate without credentials and execute arbitrary commands via SSH, giving full compromise potential to the de...

formhandler.cgi.txt

From: Mnemonix Subject: FormHandler.cgi FormHandler.cgi available from http://www.cgi-perl.com/programs/FormHandler uses hard coded physical paths for templates etc so it's possible to get sensitive files like /etc/passwd by modifying a site's f orm and submitting it. Cheers, David Litchfield...