7547 matches found

NVD
added 2014/10/19 1:55 a.m. | 18 views

CVE-2014-5422

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 9.7 | AI score 6.6 | EPSS 0.02088
Exploits: 0 | References: 1

Prion
added 2014/10/19 1:55 a.m. | 9 views

Hardcoded credentials

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access...

CVSS 6.8 | AI score 7.1 | EPSS 0.00346
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2014/10/19 1:55 a.m. | 11 views

Hardcoded credentials

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 9.7 | AI score 7.1 | EPSS 0.02088
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2014/10/19 1:55 a.m. | 14 views

Hardcoded credentials

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

CVSS 3.5 | AI score 6.6 | EPSS 0.00926
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2014/10/19 1:00 a.m. | 20 views

CVE-2014-5421

CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access...

AI score 6.6 | EPSS 0.00346
Exploits: 0 | References: 1

Cvelist
added 2014/10/19 1:00 a.m. | 19 views

CVE-2014-5422

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...

AI score 6.6 | EPSS 0.02088
Exploits: 0 | References: 1

CVE
added 2014/10/19 1:00 a.m. | 43 views

CVE-2014-5421

CareFusion Pyxis SupplyStation system (version 8.1 with hardware test tool 1.0.16 and earlier) contains a hard-coded database password that can allow local users with cabinet access to gain privileges. CVE-2014-5421 is documented with a base vulnerability tied to hard-coded credentials; NVD notes...

CVSS 6.8 | AI score 6.8 | EPSS 0.00346
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2014/10/19 1:00 a.m. | 37 views

CVE-2014-5420

CVE-2014-5420 affects CareFusion Pyxis SupplyStation 8.1 with hardware test tool software versions up to 1.0.15. The vulnerability is hard-coded passwords in service and application accounts (and insecure temporary files) that could allow remote authenticated access to application files via unspe...

CVSS 3.5 | AI score 6.3 | EPSS 0.00926
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2014/10/19 1:00 a.m. | 38 views

CVE-2014-5422

CVE-2014-5422 affects CareFusion Pyxis SupplyStation system 8.1 with hardware test tool prior to 1.0.16. The vulnerability is due to a hardcoded service password that grants admin privileges, enabling a remote attacker to gain access through unspecified vectors (remote exploitation possible if ne...

CVSS 9.7 | AI score 6.8 | EPSS 0.02088
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2014/10/19 1:00 a.m. | 26 views

CVE-2014-5420

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

AI score 6.2 | EPSS 0.00926
Exploits: 0 | References: 1

0day.today
added 2014/10/17 12:00 a.m. | 32 views

NETIS DL4322D Multiple Vulnerabilities

NETIS DL4322D 300Mbps Wireless N ADSL2+ modem router suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities. Vulnerable Device: NETIS DL4322D 300Mbps Wireless N ADSL2+ Modem Router Multiple vulnerabilities Other models of netis may also suffer from thi...

AI score 6.9
Exploits: 0

Prion
added 2014/10/16 7:55 p.m. | 8 views

Hardcoded credentials

The Hanyang University Admissions aka kr.ac.hanyang.planner application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 6.4 | EPSS 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm
added 2014/10/16 12:00 a.m. | 34 views

NETIS DL4322D XSS / CSRF / DoS

Vulnerable Device: NETIS DL4322D 300Mbps Wireless N ADSL2+ Modem Router Multiple vulnerabilities Other models of netis may also suffer from this vulns Vendor: http://www.netis-systems.com Product overview: http://www.netis-systems.com/en/products/ADSL2+-Wireless-Modem-Router/941.html The netis...

AI score 0.3
Exploits: 0

securityvulns
added 2014/10/14 12:00 a.m. | 94 views

[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

CVSS 7.5 | AI score 0.2 | EPSS 0.80095
Exploits: 16

0day.today
added 2014/10/09 12:00 a.m. | 95 views

BMC Track-It! - Multiple Vulnerabilities

BMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro, Agile Information Security...

CVSS 7.5 | AI score 0.4 | EPSS 0.80095
Exploits: 16

Prion
added 2014/09/30 5:55 p.m. | 11 views

Hardcoded credentials

The Hillside aka com.hillside.hermanus application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 6.4 | EPSS 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2014/09/28 1:55 a.m. | 14 views

Hardcoded credentials

The Harem Thief Dating aka com.haremthief.haremthief application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 6.4 | EPSS 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2014/09/23 10:55 p.m. | 14 views

CVE-2014-4752

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM fo...

CVSS 10 | AI score 6.4 | EPSS 0.02027
Exploits: 0 | References: 2

Prion
added 2014/09/23 10:55 p.m. | 12 views

Hardcoded credentials

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM fo...

CVSS 10 | AI score 6.9 | EPSS 0.02027
Exploits: 0 | References: 2 | Affected Software: 20

Cvelist
added 2014/09/23 10:00 p.m. | 16 views

CVE-2014-4752

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM fo...

AI score 6.4 | EPSS 0.02027
Exploits: 0 | References: 2