7544 matches found
barracudeHardcode.txt
Title: Barracuda Hardcoded Password Vulnerability Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 28 May 2006 Overview: Barracuda Sp...
CVE-2006-4082
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges...
CVE-2006-4082
Barracuda Spam Firewall (BSF) is affected by CVE-2006-4082. Concrete details from connected sources indicate default credentials in affected BSF firmware: versions 3.3.01.001 to 3.3.02.053 expose a guest account and a fixed admin password that cannot be modified by an administrator, enabling a re...
Barracuda Spam Firewall multiple security vulnerabilities
Login.pm Web-interface hardcoded guest account password, /cgi-bin/previewemail.cgi directory traversal...
Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution
Exploit for hardware platform in category remote exploits. Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution. Title: Barracuda Arbitrary File Disclosure + Command Executi...
[Full-disclosure] Barracuda Spam Firewall: Administrator Level Remote Command Execution [ID-20060804-01]
Severity: High - Full system compromise possible Date: 04 August 2006 Discovered by: Matthew Hall [email protected] Credits for original discovery to Greg Sinclair Discovered on: 03 Aug 2006 Summary: Lack of input sanitisation in the Linux based Barracuda spam firewall web interface allows executio...
Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]
Title: Barracuda Hardcoded Password Vulnerability Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 28 May 2006 Overview: Barracuda Sp...
Improper Validation of User-mode Pointers
Improper Validation of User-mode Pointers Many of the hooks that KAV installs and even the custom system services suffer from flaws that are detrimental to the operation of the system. For instance, KAV's modified NtOpenProcess attempts to determine if a user address is valid by comparing it to t...
Hardcoded credentials
Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server...
Hardcoded credentials
iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring...
Hardcoded credentials
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a devic...
Hardcoded credentials
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the...
Hardcoded credentials
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks...
CVE-2006-0375
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks...
CVE-2006-0375
The CVE-2006-0375 entry applies to Advantage Century Telecommunication (ACT) P202S IP Phone, running firmware 1.1.21 on VxWorks. The issue is a hardcoded NTP server (Taiwan) that could let an attacker supply false time, block time information, or perform related attacks. The available connected d...
CVE-2005-3725
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent...
CVE-2005-3725
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers. This can let remote attackers cause a denial of service or hijack Zyxel phones by attacking or spoofing those hardcoded DNS servers. The issue is described in CVE-2005-3725; exploitation details are n...
CVE-2004-2557
CVE-2004-2557 affects NetGear WG602 (WG602v1) Wireless Access Point 1.7.14, which contains a hardcoded admin account: username "superman" and password "21241036". This permits remote configuration changes by an attacker. Connected documents confirm the concrete details; exploitation status and fi...