31 matches found
Design/Logic Flaw
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH regardless of whether the admin password was changed on the web interface...
CVE-2021-43284
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH regardless of whether the admin password was changed on the web interface...
Accellion Kiteworks Elevation of Privilege Vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. An elevation of privilege vulnerability exists in Accellion Kiteworks versions prior to 7.3.1. An attacker can exploit this vulnerability to access SSH...
CVE-2021-31585
Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access...
Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection
Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data Discovered by Pedro Ribeiro [email protected] from Agile Information Security...
CVE-2014-9563
CRLF injection vulnerability in the web-based management WBM interface in Unify former Siemens OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users to modify the root password and consequently access the debug port using the serial interface via th...
Apple iPhone iOS Default SSH Password Exploit (.py)
This Exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed. !/usr/bin/python This software opens a simple shell where you can type commands to send and works without Metasploit Exploit Title: Apple iPhon...
GitHub Search Down After Some Credentials and Crypto Keys Exposed
GitHub’s search capability remains dark Friday after it was discovered that the code-sharing site’s search feature could be used to dredge up passwords, private crypto keys, and other credentials developers use in their projects. GitHub is a popular collaboration site for open source software...
Apple iOS Default SSH Password Vulnerability
This module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the root' and 'mobile' users have not been changed. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit...
Apple iOS Default SSH Password
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'net/ssh' class Metasploit3...
Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability
This module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote. This module requires Metasploit: https://metasploit.com/download Current...