Crestron AM-100 - Multiple Vulnerabilities
Crestron AM-100 Multiple Vulnerabilities. Date: 2016-08-01. Exploit Author: Zach Lanier. Vendor Homepage:...
ZOOKEEPER BATTLE - Dangerous filesystem permissions, Hardcoded secrets, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application ZOOKEEPER BATTLE published at the 'play' market has multiple vulnerabilities...
FortiWLC Undocumented Hardcoded core Account
FortiWLC comes with a hardcoded account named 'core' which is used by Meru Access Points to send core dumps to the FortiWLC and has read/write privileges over various parts of the system...
Ubuntu: Security Advisory (USN-3115-1)
The remote host is missing an update for the...
Updated python-django packages fix security vulnerabilities
User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...
MGASA-2016-0368 Updated python-django packages fix security vulnerabilities
User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...
PostFinance Mobile - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application PostFinance Mobile published at the 'play' market has multiple vulnerabilities...
Ubuntu 14.04 LTS / 16.04 LTS : Django vulnerabilities (USN-3115-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3115-1 advisory. Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could...
USN-3115-1: Django vulnerabilities
Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. CVE-2016-9013 Aymeri...
USN-3115-1 python-django vulnerabilities
Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. CVE-2016-9013 Aymeri...
CVE-2016-9013
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...
Multiple backdoors found in D-Link DWR-932B LTE router - vulnerability warning - the black bar safety net
If you have a D-Link router similar to the DWR-932B LTE, don't wait for its slow firmware upgrade; it is better to simply give it up. Allegedly the D-Link DWR-932B LTE has more than 20 risks, including backdoor accounts, the default certificate, leakage of the certificate, the firmware...
Unauthorized Access Vulnerability in D-Link DWR-932B LTE Router WPS System
The D-Link DWR-932B LTE is a wireless router. An unauthorized access vulnerability exists in the WPS system of the D-Link DWR-932B LTE router. Since the WPS system PIN is hardcoded into the /bin/appmgr program, an attacker can exploit the vulnerability to use the PIN to access the wireless networ...
CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370...
Hardcoded credentials
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370...
CVE-2016-6434
Cisco Firepower Management Center 6.0.1 is affected by CVE-2016-6434 due to hard-coded MySQL credentials in the local database. The vulnerability enables an authenticated, local attacker with CLI access to obtain sensitive information, effectively bypassing authentication through a root MySQL acc...
PT-2016-6908 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center version 6.0.1 Description: The issue allows local users to obtain sensitive information by leveraging CLI access due to hardcoded database credentials. Recommendations: For Cisco Firepower Management Center...
Billion Router 7700NR4 - Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits. Title: Billion Router 7700NR4 Remote Root Command Execution Date: 06/10/2016 Author: R-73eN Tested on: Billion Router 7700NR4 Vendor: http://www.billion.com/ Vulnerability Description: This router is widely used here in Albania. It i...