CVE-2021-38969

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609...

Design/Logic Flaw

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609...

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but the...

CVE-2019-12622

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...

CVE-2019-12622 Cisco RoomOS Software Privilege Escalation Vulnerability

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...

CVE-2019-12622 Cisco RoomOS Software Privilege Escalation Vulnerability

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...

Directory traversal

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...

Design/Logic Flaw

DISPUTED Default and unremovable support credentials user:lutron password:integration allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this ...

Design/Logic Flaw

DISPUTED Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because...

CVE-2018-11681

Default and unremovable support credentials user:nwk password:nwk2 allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a...

Design/Logic Flaw

DISPUTED Default and unremovable support credentials user:nwk password:nwk2 allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not bei...

CVE-2018-11681

CVE-2018-11681 : The connected OpenVAS entry confirms a vulnerability in Lutron devices using the RadioRA 2 integration protocol (Revision M–Y) where default credentials (user: nwk, pass: nwk2) provide full superuser access via Telnet. This allows complete control of the IoT device over the netwo...

CVE-2018-11629

CVE-2018-11629 affects Lutron HomeWorks QS devices using the HomeWorks QS integration protocol (Rev M–Y). The issue arises from default, unremovable credentials (user: lutron, password: integration) that permit Telnet access and full admin-like control of the IoT device. Exploitation appears to e...

MediaWiki - 'Thumb.php' Remote Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MediaWiki Thumb.php Remote Command Execution', 'Description' = %q MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x...