Hardcoded credentials

Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-2951

Datum Systems SnIP on the PSM-500/PSM-4500 satellite modem devices contains a hardcoded admin password (admin) for the admin account, enabling remote attackers to gain access via unspecified vectors. CVE-2014-2951 is rated CVSS v2 base 10.0 (Network, no auth, complete confidentiality, integrity a...

CVE-2014-2951

Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors...

Datum Systems satellite modem devices contain multiple vulnerabilities

Overview Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities Description CWE-220:Sensitive Data Under FTP Root - CVE-2014-2950The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no...

Hardcoded credentials

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack...

CVE-2014-2198

Cisco Unified Communications Domain Manager CDM in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation o...

CVE-2014-2969

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to 1 produceburn.cgi, 2...

Hardcoded credentials

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to 1 produceburn.cgi, 2...

Hardcoded credentials

Cisco Unified Communications Domain Manager CDM in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation o...

CVE-2014-2969

The CVE-2014-2969 entry concerns NETGEAR NETGEAR GS108PE Prosafe Plus switches (firmware 1.2.0.5). A hard-coded credential pair, ntgruser:debugpassword, exists in the device and can be used via CGI endpoints (produce_burn.cgi, register_debug.cgi, bootcode_update.cgi) to gain access and upload fir...

CVE-2014-2969

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to 1 produceburn.cgi, 2...

Sitecom N300/N600 Devices - Multiple Vulnerabilities

No description provided by source. Multiple vulnerabilities on Sitecom N300/N600 devices ===================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits: Roberto...

Oracle VM Server Virtual Server Agent Command Injection

No description provided by source. $Id: oraclevmagentutl.rb 10821 2010-10-25 20:58:49Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

ZTE ZXV10 W300 Router - Hardcoded Credentials

No description provided by source. Exploit Title: ZTE ZXV10 W300 router contains hardcoded credentials Date: 03 Feb 2014 Exploit Author: Cesar Neira Vendor Homepage: http://wwwen.zte.com.cn/ Version: ZTE ZXV10 W300 v2.1 CVE : CVE-2014-0329 Dork Shodan: Basic realm=index.htm References:...

Yealink VoIP Phone SIP-T38G - Default Credentials

No description provided by source. Title: Yealink VoIP Phone SIP-T38G Default Credentials Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5755 Description: Web interface use hardcoded defaul...

Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities

No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 evo device Version affected:...

IBM Tivoli Endpoint Manager POST Query Buffer Overflow

No description provided by source. $Id: ibmtivoliendpointbof.rb 12925 2011-06-12 00:04:55Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

Seagate BlackArmor NAS - Multiple Vulnerabilities

No description provided by source. Exploit Title: Seagate BlackArmor NAS Multiple Vulnerabilities Date: 2/17/14 Exploit Author: Shayan Sadigh twitter.com/r1pplex | [email protected] Vendor Homepage: http://www.seagate.com/external-hard-drives/network-storage/ Version: All BlackArmor NAS...

win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes

No description provided by source. / Title: win32/xp pro sp3 EN 32-bit - add new local administrator 113 bytes Author: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom Method: Hardcoded opcodes kernel32.winexec@7c8623ad, kernel32.exitprocess@7c81cafa Tested on: WinXP Pro SP3 EN 32bit - Buil...

CylantSecure 1.0 Kernel Module Syscall Rerouting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. A problem in the CylantSecure infrastructure could allow users to escape monitoring. A user with ro...