7544 matches found
Hardcoded credentials
The embedded Internet Explorer server control in AOL Instant Messenger AIM 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected...
Default Root Password in Infrant (now Netgear) ReadyNAS "RAIDiator"
Security Advisory Default Root Password in Infrant now Netgear ReadyNAS "RAIDiator" Release Date: August 13, 2007 Authors: Brian Chapados [email protected] Felix Domke [email protected] Timeline: Jul 25, 2007 - discovery Jul 29, 2007 - vendor...
Hardcoded credentials
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access...
Cisco Network Services NetFlow Collection Engine default account
Account with hardcoded password is used for NetFlow information gathering...
Hardcoded credentials
Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192...
Hardcoded credentials
Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection...
Hardcoded credentials
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.04SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device...
Hardcoded credentials
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."...
Hardcoded credentials
The HTML Help ActiveX control Hhctrl.ocx in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters...
Hardcoded credentials
FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself...
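Multiple vulnerabilities in Barracuda Networks Spam Firewall
Barracuda Networks Spam Firewall is an integrated hardware and software anti-spam solution for protecting mail servers. Barracuda Networks Spam Firewall has multiple security issues that remote attackers can exploit to obtain passwords and file information. Barracuda Networks Spam Firewall versions 3.3.01.001 through 3.3.02.053 contain a built-in "guest" account with the password "bnadmin99", which can be used to log in to the web interface...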
CVE-2006-5901
Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this...
Hawking Technology wireless router WR254-CA DNS issue
Hi, I have discovered a security issue with the Hawking Technology wireless router, model WR254-CA. Since they are still available on the market, I think it will be good to warn the community. This router contains a DNS address 139.175.55.244 hardcoded in the firmware. At least when used in DHCP...
Hawking Technology WR254-CA wireless routers hardcoded DNS server address
139.175.55.244 DNS address is hardcoded...
FiWin SS28S Wi-Fi phones backdoor account
Phone has debug console with telnet access and hardcoded account 1 with password 1...
[SA22041] Fi Win WiFi Phone SS28S Debug Console Security Issue
CVE-2006-4950
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain...
barracudaExec.txt
Severity: High - Full system compromise possible Date: 04 August 2006 Discovered by: Matthew Hall [email protected] Credits for original discovery to Greg Sinclair Discovered on: 03 Aug 2006 Summary: Lack of input sanitisation in the Linux based Barracuda spam firewall web interface allows executio...
barracudeArbitrary.txt
Title: Barracuda Arbitrary File Disclosure Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 29 May 2006 Overview: Barracuda Spam...