CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2015/09/10 12:0 a.m.•49 views

SAP NetWeaver AS LSCT1I13 ABAP Hardcoded Credentials

ERPSCAN Research Advisory ERPSCAN-15-016 SAP NetWeaver – Hardcoded credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date of Publ...

0.1AI score

CNVD•added 2015/09/10 12:0 a.m.•5 views

Hardcoded Credentials Vulnerability in Multiple Seagate and LaCie Wireless Storage Products

Seagate is the world's largest manufacturer of hard drives, disks and read/write heads, headquartered in California. A hard-coded credentials vulnerability exists in several Seagate and LaCie wireless storage products, which could be exploited by an attacker to access an undisclosed Telnet servic...

10CVSS6.9AI score0.04154EPSS

Exploits2References1

seebug.org•added 2015/09/09 12:0 a.m.•314 views

施耐德(Schneider) PLC 以太网模块固件后门

通过分析设备固件可以得知，文件系统中包含硬编码方式保存的用户凭证信息。这些信息主要用于提供对外的FTP服务升级服务。其中，问题代码位于/FLASH0/wwwroot/classes/SACommjar 包中，具体的Package路径： com.schneiderautomation.misc.TextFiles的第266行至268行位置。 package com.schneiderautomation.misc; import com.schneiderautomation.ftpsession.FTPSession; import...

10CVSS6.5AI score0.0404EPSS

Exploits1

Exploit DB•added 2015/09/08 12:0 a.m.•35 views

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions

/ Cisco Sourcefire User Agent Insecure File Permissions Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco SF User Agent 2.2 Fixed versions: Cisco SF User Agent 2.2-25 Date: 08/09/2015 Credits: Glafkos Charalambous CVE: Not assigned by Cisco BugId: CSCut448...

7.4AI score

exploitpack•added 2015/09/08 12:0 a.m.•14 views

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions / Cisco Sourcefire User Agent Insecure File Permissions Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco SF User Agent 2.2 Fixed versions: Cisco SF User Agent 2.2-25 Date: 08/09/2015 Credits:...

7.4AI score

0day.today•added 2015/09/08 12:0 a.m.•19 views

Cisco Sourcefire User Agent 2.2 - Insecure File Permissions

Exploit for windows platform in category local exploits / Cisco Sourcefire User Agent Insecure File Permissions Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco SF User Agent 2.2 Fixed versions: Cisco SF User Agent 2.2-25 Date: 08/09/2015 Credits: Glafkos...

6.8AI score

seebug.org•added 2015/09/01 12:0 a.m.•44 views

Schneider Electric Modicon M340 PLC Station P34模块Web Servers安全漏洞

漏洞详情：Schneider Electric Modicon M340 PLC Station P34 module是法国施耐德电气（Schneider Electric）公司的一款可编程控制器。Schneider Electric Modicon M340 PLC Station P34模块中存在安全漏洞。远程攻击者可利用该漏洞获取敏感信息，在Web服务器进程上下文中执行任意代码，绕过身份验证机制，获取受影响设备的访问权限。漏洞类型远程利用影响硬编码身份认证是远程代码执行本地文件包含否目录遍历/文件篡改远程代码包含是远程代码执行/拒绝服务攻击跨站脚本攻击是获取敏感信息影响设备版本：...

7.1AI score

NVD•added 2015/08/31 2:59 p.m.•17 views

CVE-2015-6743

Basware Banking Maksuliikenne 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...

6.5CVSS6.3AI score0.01139EPSS

NVD•added 2015/08/31 2:59 p.m.•19 views

CVE-2015-6742

Basware Banking Maksuliikenne before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to...

6.5CVSS6.2AI score0.01157EPSS

Prion•added 2015/08/31 2:59 p.m.•17 views

Hardcoded credentials

6.5CVSS6.5AI score0.01139EPSS

Prion•added 2015/08/31 2:59 p.m.•20 views

Hardcoded credentials

6.5CVSS6.5AI score0.01157EPSS

Cvelist•added 2015/08/31 2:8 p.m.•25 views

CVE-2015-6743

6.3AI score0.01139EPSS

CVE•added 2015/08/31 2:8 p.m.•37 views

CVE-2015-6743

Basware Banking (Maksuliikenne) 8.90.07.X is affected by a hardcoded password vulnerability. The hardcoded credential allows remote authenticated users to bypass intended access restrictions by exploiting knowledge of the password. Public descriptions indicate the issue affects 8.90.07.X and earl...

6.5CVSS6.4AI score0.01139EPSS

CVE•added 2015/08/31 2:8 p.m.•43 views

CVE-2015-6742

CVE-2015-6742 affects Basware Banking (Maksuliikenne) prior to 8.90.07.X, where a hard-coded ANCO account password allows remote authenticated users to bypass access restrictions. The issue is documented across multiple sources (including CNVD-2015-05813) as a hard-coded-credential vulnerability ...

6.5CVSS6.4AI score0.01157EPSS

Cvelist•added 2015/08/31 2:8 p.m.•17 views

CVE-2015-6742

6.2AI score0.01157EPSS

Prion•added 2015/08/23 9:59 p.m.•8 views

Hardcoded credentials

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface...

8.3CVSS7.3AI score0.00892EPSS

Exploits0References1Affected Software1

Prion•added 2015/08/23 9:59 p.m.•18 views

Hardcoded credentials

Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...

9CVSS7.2AI score0.02563EPSS