Billion Router 7700NR4 Remote Root Command Execution
Title : Billion Router 7700NR4 Remote Root Command Execution Date : 06/10/2016 Author : R-73eN Tested on: Billion Router 7700NR4 Vendor : http://www.billion.com/ Vulnerability Description: This router is widely used here in Albania. It is given by a telecom provider to the home and business...
Billion 7700NR4 Router - Remote Command Execution
Billion 7700NR4 Router - Remote Command Execution Title : Billion Router 7700NR4 Remote Root Command Execution Date : 06/10/2016 Author : R-73eN Tested on: Billion Router 7700NR4 Vendor : http://www.billion.com/ Vulnerability Description: This router is widely used here in Albania. It is given ...
Billion 7700NR4 Router - Remote Command Execution
Title : Billion Router 7700NR4 Remote Root Command Execution Date : 06/10/2016 Author : R-73eN Tested on: Billion Router 7700NR4 Vendor : http://www.billion.com/ Vulnerability Description: This router is widely used here in Albania. It is given by a telecom provider to the home and business...
CVE-2016-7560
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors...
Hardcoded credentials
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors...
CVE-2016-7560
CVE-2016-7560 affects Fortinet FortiWLC: the rsyncd server in FortiWLC versions up to 8.2-4-0 uses a hardcoded rsync account, enabling remote attackers to read or write arbitrary files via unspecified vectors. This vulnerability stems from the hardcoded credential/account in the rsync service, wi...
Battle Camp - Dangerous filesystem permissions, Hardcoded secrets, WebView SSL handling enabled vulnerabilities
The HackApp vulnerability scanner discovered that the application Battle Camp, published on the 'play' market, has multiple vulnerabilities...
FortiWLC Undocumented Hardcoded Rsync Account
FortiWLC runs an rsyncd server, historically used for High-Availability purposes. This server comes with a hardcoded account, which has read/write privileges over various parts of the system...
Backdoored D-Link Router Should be Trashed, Researcher Says
A researcher who found a slew of vulnerabilities in a popular router said it’s so hopelessly broken that consumers who own them should throw them away. Pierre Kim said attackers could easily exploit the vulnerabilities and use the device as a spamming zombie or a man-in-the-middle tool. “I advise...
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session...
CVE-2016-6531
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a...
Hardcoded credentials
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a...
Hardcoded credentials
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session...
CVE-2016-6532
CVE-2016-6532 affects DEXIS Imaging Suite 10, which contains hard-coded credentials for the sa account, enabling remote administrative access to the DEXIS_DATA SQL Server session. The vulnerability emerges from hard-coded database credentials and can lead to full compromise of the patient databas...
CVE-2016-6531
CVE-2016-6531 concerns Open Dental (versions 16.1 and earlier) with a vulnerability stemming from a default MySQL credential setup. A hardcoded/blank root password (as noted by sources) could allow an attacker with network access to the Open Dental MySQL database to read, modify, or delete data. ...