CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3027 matches found

Prion•added 2014/08/15 11:15 a.m.•14 views

Hardcoded credentials

Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibility to exploit another user's credentials...

7.1CVSS7.1AI score0.01971EPSS

Exploits0References1

Prion•added 2014/08/15 11:15 a.m.•12 views

Hardcoded credentials

Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the 1 debug, 2 prod, 3 do160, and 4 flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line...

6.9CVSS7.5AI score0.00486EPSS

Exploits0References1

CVE•added 2014/08/15 10:0 a.m.•49 views

CVE-2014-2941

Cobham Sailor 6000 satellite terminals are affected by a hardcoded Tbus 2 credential issue. An unauthenticated attacker could send arbitrary TBUS2 commands, potentially impacting terminal operation. The vendor statement disputes credential reuse across users and notes security enhancements in a l...

7.1CVSS6.8AI score0.01971EPSS

Exploits0References1Affected Software4

CVE•added 2014/08/15 10:0 a.m.•49 views

CVE-2014-2940

CVE-2014-2940 affects Cobham Sailor 900 and 6000 satellite terminals running firmware 1.08 MFHF / 2.11 VHF, where hardcoded administrator credentials are present. The NVD entry notes that an attacker could obtain full administrative control, with exploitation requiring either physical access to t...

10CVSS6.6AI score0.02215EPSS

Exploits0References1Affected Software1

Cvelist•added 2014/08/15 10:0 a.m.•23 views

CVE-2014-2941

6.5AI score0.01971EPSS

Exploits0References1

Positive Technologies•added 2014/08/15 12:0 a.m.•3 views

PT-2014-4971 · Cobham · Cobham Sailor 6000

Name of the Vulnerable Software and Affected Versions: Cobham Sailor 6000 satellite terminals affected versions not specified Description: The issue concerns hardcoded Tbus 2 credentials in Cobham Sailor 6000 satellite terminals. This allows remote attackers to obtain access via a TBUS2 command...

7.1CVSS6.9AI score0.01971EPSS

Exploits0References3

CVE•added 2014/08/12 12:0 a.m.•34 views

CVE-2013-5433

The CVE-2013-5433 issue concerns the Data Growth Solution for JD Edwards EnterpriseOne used with IBM InfoSphere Optim 3.0–9.1, where hardcoded database credentials are stored within the solution. This allows remote authenticated users to disclose sensitive information by reading an unspecified fi...

4CVSS5.8AI score0.01318EPSS

Exploits0References2Affected Software1

Cvelist•added 2014/08/12 12:0 a.m.•16 views

CVE-2013-5433

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document...

5.6AI score0.01318EPSS

Exploits0References2

CERT•added 2014/08/07 12:0 a.m.•28 views

Cobham Sailor satellite terminals contain hardcoded credentials

Overview Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. Description CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 900 and 6000 series satellite communication terminals running firmware version: 1.08 MFHF / 2.11 VHF contain hardcod...

10CVSS6.9AI score0.02215EPSS

Exploits0References2

CERT•added 2014/08/07 12:0 a.m.•28 views

Iridium Pilot and OpenPort contain multiple vulnerabilities

Overview Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials CWE-798. Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perfo...

9.3CVSS8AI score0.03653EPSS

Exploits0References2

CERT•added 2014/08/07 12:0 a.m.•26 views

Cobham Sailor 6000 series satellite terminal contain hardcoded credentials

Overview Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol. Description Note: this is a different vulnerability from VU460687CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 6000 series satellite...

7.1CVSS7.3AI score0.01971EPSS

Exploits0References2

Prion•added 2014/07/24 2:55 p.m.•22 views

Hardcoded credentials

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during...

6.8CVSS6.5AI score0.01087EPSS

Exploits0References1Affected Software2

CERT•added 2014/07/11 12:0 a.m.•34 views

Datum Systems satellite modem devices contain multiple vulnerabilities

Overview Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities Description CWE-220:Sensitive Data Under FTP Root - CVE-2014-2950The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no...

10CVSS7.1AI score0.02294EPSS

Exploits0References3

Prion•added 2014/07/07 2:55 p.m.•22 views

Hardcoded credentials

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

4.3CVSS6.9AI score0.01586EPSS

Exploits0References2Affected Software1

Prion•added 2014/07/07 11:1 a.m.•15 views

Hardcoded credentials

Cisco Unified Communications Domain Manager CDM in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation o...

10CVSS7.1AI score0.03602EPSS

Exploits0References5Affected Software1

seebug.org•added 2014/07/01 12:0 a.m.•30 views

Sitecom N300/N600 Devices - Multiple Vulnerabilities

No description provided by source. Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits: Roberto...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•21 views

Seagate BlackArmor NAS - Multiple Vulnerabilities

No description provided by source. Exploit Title: Seagate BlackArmor NAS Multiple Vulnerabilities Date: 2/17/14 Exploit Author: Shayan Sadigh twitter.com/r1pplex | [email protected] Vendor Homepage: http://www.seagate.com/external-hard-drives/network-storage/ Version: All BlackArmor NAS...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•57 views

Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities

No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 evo device Version affected:...

10CVSS8.7AI score0.04337EPSS

Exploits10

seebug.org•added 2014/07/01 12:0 a.m.•27 views

ZTE ZXV10 W300 Router - Hardcoded Credentials

No description provided by source. Exploit Title: ZTE ZXV10 W300 router contains hardcoded credentials Date: 03 Feb 2014 Exploit Author: Cesar Neira Vendor Homepage: http://wwwen.zte.com.cn/ Version: ZTE ZXV10 W300 v2.1 CVE : CVE-2014-0329 Dork Shodan: Basic realm=index.htm References:...

9.3CVSS6.5AI score0.08521EPSS

Exploits6