PT-2014-4971 · Cobham · Cobham Sailor 6000

Name of the Vulnerable Software and Affected Versions: Cobham Sailor 6000 satellite terminals affected versions not specified Description: The issue concerns hardcoded Tbus 2 credentials in Cobham Sailor 6000 satellite terminals. This allows remote attackers to obtain access via a TBUS2 command...

CVE-2013-5433

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document...

CVE-2013-5433

The CVE-2013-5433 issue concerns the Data Growth Solution for JD Edwards EnterpriseOne used with IBM InfoSphere Optim 3.0–9.1, where hardcoded database credentials are stored within the solution. This allows remote authenticated users to disclose sensitive information by reading an unspecified fi...

CVE-2013-5433

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document...

Iridium Pilot and OpenPort contain multiple vulnerabilities

Overview Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials CWE-798. Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perfo...

Cobham Sailor 6000 series satellite terminal contain hardcoded credentials

Overview Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol. Description Note: this is a different vulnerability from VU460687CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 6000 series satellite...

Cobham Sailor satellite terminals contain hardcoded credentials

Overview Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. Description CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 900 and 6000 series satellite communication terminals running firmware version: 1.08 MFHF / 2.11 VHF contain hardcod...

CVE-2014-2363

Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request...

CVE-2014-2363 Morpho Itemiser 3 Hard-Coded Credential

Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request...

Lian Li NAS - Multiple Vulnerabilities

No description provided by source. Exploit Title: Lian Li NAS Multiple vulnerabilities Date: 21/07/2014 Exploit Author: pws Vendor Homepage: http://www.lian-li.com/en/dtportfoliocategory/nas/ Firmware Link: https://www.dropbox.com/s/imvkndl8m5yj7qp/G5S604121826700.tar.gz Tested on: Latest version...

Hardcoded credentials

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during...

Lian Li NAS Hardcoded Cookie / Bypass / Privilege Escalation

Exploit Title: Lian Li NAS Multiple vulnerabilities Date: 21/07/2014 Exploit Author: pws Vendor Homepage: http://www.lian-li.com/en/dtportfoliocategory/nas/ Firmware Link: https://www.dropbox.com/s/imvkndl8m5yj7qp/G5S604121826700.tar.gz Tested on: Latest version CVE : None yet 1. Hardcoded cookie...

Lian Li NAS - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: Lian Li NAS Multiple vulnerabilities Date: 21/07/2014 Exploit Author: pws Vendor Homepage: http://www.lian-li.com/en/dtportfoliocategory/nas/ Firmware Link: https://www.dropbox.com/s/imvkndl8m5yj7qp/G5S604121826700.tar.gz...

Lian Li NAS - Multiple Vulnerabilities

Exploit Title: Lian Li NAS Multiple vulnerabilities Date: 21/07/2014 Exploit Author: pws Vendor Homepage: http://www.lian-li.com/en/dtportfoliocategory/nas/ Firmware Link: https://www.dropbox.com/s/imvkndl8m5yj7qp/G5S604121826700.tar.gz Tested on: Latest version CVE : None yet 1. Hardcoded cookie...

Lian Li NAS - Multiple Vulnerabilities

Lian Li NAS - Multiple Vulnerabilities Exploit Title: Lian Li NAS Multiple vulnerabilities Date: 21/07/2014 Exploit Author: pws Vendor Homepage: http://www.lian-li.com/en/dtportfoliocategory/nas/ Firmware Link: https://www.dropbox.com/s/imvkndl8m5yj7qp/G5S604121826700.tar.gz Tested on: Latest...

CVE-2013-5755

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of 1 user s7C9Cx.rLsWFA for the user account, 2 admin uoCbM.VEiKQto for the admin account, and 3 var jhl3iZAe./qXM for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...

Hardcoded credentials

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of 1 user s7C9Cx.rLsWFA for the user account, 2 admin uoCbM.VEiKQto for the admin account, and 3 var jhl3iZAe./qXM for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2013-5755

config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of 1 user s7C9Cx.rLsWFA for the user account, 2 admin uoCbM.VEiKQto for the admin account, and 3 var jhl3iZAe./qXM for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2013-5755

CVE-2013-5755 affects Yealink IP Phone SIP-T38G. The public records disclose a hardcoded credential issue in the web interface: config/.htpasswd contains user (s7C9Cx.rLsWFA), admin (uoCbM.VEiKQto), and var (jhl3iZAe./qXM) passwords, enabling remote access via unspecified vectors. Connected sourc...

CVE-2014-2951

Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors...