5 matches found
CVE-2026-28778 Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC SFX2100
International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...
SSH Key Persistence
This Metasploit module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use...
Security Bulletin: IBM TS3500 Tape Library Update for Security Vulnerability in Web User Interface (CVE-2012-5767)
Abstract Download an update to the TS3500 Tape Library which contains a fix for a security vulnerability that could allow unauthorized access to restricted actions. Content DESCRIPTION: An authorized user of the TS3500 web user interface could exploit a vulnerability that would give that user a...
CVE-2015-6817
PgBouncer 1.6.x before 1.6.1, when configured with authuser, allows remote attackers to gain login access as authuser via an unknown username...
CVE-2015-8611
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management AOM subsystem, which might allow remote attackers to obtain login access to AOM via an 1 expir...