Schneider Electric Quantum Ethernet Module Hardcoded Credentials (Telnet)

Schneider Electric Quantum Ethernet Module is using known default credentials. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Schneider Electric Quantum Ethernet Module Hardcoded Credentials (FTP)

Schneider Electric Quantum Ethernet Module is using known hardcoded credentials. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...

Quest / Dell KACE K2000 Systems Deployment Appliance (SDA) < 3.7 Hardcoded Credentials (HTTP)

The Quest / Dell KACE K2000 System Deployment Appliance SDA contains a hidden administrator account that allows a remote attacker to take control of an affected device. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

Singtel 2Wire Hardcoded Password / Cross Site Request Forgery

CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY 1. BACKGROUND AND AFFECTED MODELS/FIRMWARE SingTel provides customized versions of 2Wire gateway routers to its Internet service subscribers for the purpose of accessing the web...

CVE-2010-4965

/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...

CVE-2010-4965

/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...

Hardcoded credentials

/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...

AdvancedDvdPlayer Local Exploit

Exploit for windows platform in category local exploits / Not so usual exploit method Local Heapoverflow exploit An Advanced Exploit For An AdvancedDvdPlayer ; 02-10-2011 AdvancedDvdPlayer 3.03 Download Link : http://download.cnet.com/Advanced-DVD-Player/3000-21394-10310889.html?tag=mncol;3 Teste...

cvs-brute-repository NSE Script

Attempts to guess the name of the CVS repositories hosted on the remote server. With knowledge of the correct repository name, usernames and passwords can be guessed. Script Arguments cvs-brute-repository.repofile a file containing a list of repositories to guess cvs-brute-repository.nodefault wh...

Hardcoded credentials

functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

Hardcoded credentials

Opera before 11.10 allows remote attackers to cause a denial of service application crash via an HTML document that has an empty parameter value for an embedded Java applet...

Hardcoded credentials

The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

IBM Tivoli Endpoint Manager - POST Query Buffer Overflow (Metasploit)

$Id: ibmtivoliendpointbof.rb 12925 2011-06-12 00:04:55Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

IBM Tivoli Endpoint Manager POST Query Buffer Overflow

This module exploits a stack based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handles long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service lcfd.exe listening on TCP port 9495. To trigge...

Nmap NSE net: smtp-open-relay

Attempts to relay mail by issuing a predefined combination of SMTP commands. The goal of this script is to tell if a SMTP server is vulnerable to mail relaying. An SMTP server that works as an open relay, is a email server that does not verify if the user is authorised to send email from the...

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

The multipartinit function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...

CVE-2011-0756

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

Hardcoded credentials

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...