
7544 matches found

Prion
added 2008/11/17 11:30 p.m., 14 views

Hardcoded credentials

Unspecified vulnerability in HP Service Manager HPSM before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors...

CVSS: 9, AI score: 7.7, EPSS: 0.03607
Exploits: 0, References: 6, Affected Software: 1
Nmap
added 2008/11/06 2:52 a.m., 1257 views

smtp-open-relay NSE Script

Attempts to relay mail by issuing a predefined combination of SMTP commands. The goal of this script is to tell if an SMTP server is vulnerable to mail relaying. An SMTP server that works as an open relay is an email server that does not verify if the user is authorised to send email from the...

CVSS: 10, AI score: 0.1, EPSS: 0.99448
Exploits: 33
Prion
added 2008/10/09 6:0 p.m., 20 views

Hardcoded credentials

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via a font tag with a long color value, which triggers an assertion error...

CVSS: 5, AI score: 6.6, EPSS: 0.07741
Exploits: 0, References: 3, Affected Software: 1
securityvulns
added 2008/10/09 12:0 a.m., 63 views

Motorola Timbuktu's Internet Locator Service real-time data exposed to public.

We just want to make a public warning to those users of Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service allows to locate any Timbuktu's user just by knowing the email. More than five months ago we notified Netopia's customer support...

AI score: 7
Exploits: 0
Packet Storm
added 2008/10/07 12:0 a.m., 31 views

timbuktu-pwn.txt

We just want to make a public warning to those users of Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service allows to locate any Timbuktu's user just by knowing the email. More than five months ago we notified Netopia's customer support...

AI score: 7.4
Exploits: 0
Prion
added 2008/08/18 7:41 p.m., 17 views

Hardcoded credentials

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

CVSS: 6.2, AI score: 6.3, EPSS: 0.01001
Exploits: 6, References: 33, Affected Software: 1
RubySec
added 2008/08/12 12:0 a.m., 18 views

Spree Hardcoded config.action_controller_session Hash Value Cryptographic Protection Weakness

Spree contains a hardcoded flaw related to the config.action_controller_session hash value. This may allow an attacker to more easily bypass cryptographic protection...

CVSS: 5, AI score: 2.2, EPSS: 0.01244
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2008/06/04 8:32 p.m., 13 views

Hardcoded credentials

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...

CVSS: 9.3, AI score: 6.8, EPSS: 0.08819
Exploits: 1, References: 9, Affected Software: 1
securityvulns
added 2008/04/16 12:0 a.m., 60 views

[Full-disclosure] Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]

Oracle - Hardcoded Password and Password Reset of OUTLN User DB13 Systems Affected 9i Rel. 1 - 10g Rel. 2 Severity High Risk Category Hardcoded Default Password & Password Reset Vendor URL http://www.oracle.com/ Author Alexander Kornbrust Advisory 16 April 2008 V 1.00 Advisory URL...

AI score: 0.3
Exploits: 0
Prion
added 2008/03/25 12:44 a.m., 16 views

Hardcoded credentials

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges...

CVSS: 7.5, AI score: 7.2, EPSS: 0.14761
Exploits: 5, References: 7
NVD
added 2008/03/25 12:44 a.m., 28 views

CVE-2008-1160

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges...

CVSS: 9.8, AI score: 9.7, EPSS: 0.14761
Exploits: 5, References: 7
Prion
added 2008/03/18 11:44 p.m., 14 views

Hardcoded credentials

Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topiclist URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link...

CVSS: 6.8, AI score: 7.3, EPSS: 0.02068
Exploits: 1, References: 9, Affected Software: 2
Prion
added 2008/03/04 6:44 p.m., 11 views

Hardcoded credentials

The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01402
Exploits: 0, References: 5
securityvulns
added 2008/02/29 12:0 a.m., 31 views

Beehive/SendFile.NET - Secure File Transfer Appliance hardcoded credentials

There is hardcoded FTP account sfoutbox/sfoutbox...

AI score: 1.3
Exploits: 0, References: 1
securityvulns
added 2008/02/29 12:0 a.m., 49 views

Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials

Title: Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials Vendor: Beehive Software Vendor URL: http://www.thebeehive.com/ Affected File: http://host/sfcommon/SendFile.jar Vendor Contact Date: 7/26/2007 Vendor Response: None Workaround: The simplest way to protect against...

AI score: 7.2
Exploits: 0
OpenVAS
added 2008/01/17 12:0 a.m., 19 views

Debian Security Advisory DSA 787-1 (backup manager)

The remote host is missing an update to backup manager announced via advisory DSA 787-1. Two bugs have been found in backup-manager, a command-line driven backup utility. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-1855 Jeroen Vermeulen discovered...

CVSS: 2.1, AI score: 6.6, EPSS: 0.00364
Exploits: 0
Prion
added 2007/12/05 11:46 a.m., 28 views

Hardcoded credentials

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors...

CVSS: 7.5, AI score: 6.6, EPSS: 0.03978
Exploits: 0, References: 9, Affected Software: 1
Prion
added 2007/10/13 12:17 a.m., 11 views

Hardcoded credentials

hpssd in Hewlett-Packard Linux Imaging and Printing Project hplip 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail...

CVSS: 7.6, AI score: 7.3, EPSS: 0.67264
Exploits: 4, References: 24, Affected Software: 1
Prion
added 2007/10/11 10:17 a.m., 33 views

Hardcoded credentials

Interpretation conflict in the Sun Java Virtual Machine JVM allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...

CVSS: 2.6, AI score: 7.4, EPSS: 0.01442
Exploits: 0, References: 2
Prion
added 2007/09/26 10:17 p.m., 11 views

Hardcoded credentials

Microsoft Windows Media Player WMP 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expec...

CVSS: 7.5, AI score: 7.1, EPSS: 0.1517
Exploits: 0, References: 6, Affected Software: 1