Barco wePresent Hardcoded API Credentials
Authored by Jim Becher | Site korelogic.com
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could...
Barco wePresent Admin Credential Exposure
Authored by Jim Becher | Site korelogic.com
An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main...
Barco wePresent Authentication Bypass
Authored by Jim Becher | Site korelogic.com
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a...
Barco wePresent Undocumented SSH Interface
Authored by Jim Becher | Site korelogic.com
Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does...
Barco wePresent Global Hardcoded Root SSH Password
Authored by Jim Becher | Site korelogic.com
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image.
advisories | CVE-2020-28334
Change Mirror...
Boxoft Convert Master 1.3.0 Local Buffer Overflow
Authored by Achilles
Boxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.
Change Mirror Download
# Exploit Title: Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit# Date: 17.09.2020# Vendor Homepage:...
IBM Tivoli Storage Manager 5.2.0.1 Buffer Overflow
Authored by Paolo Stagno
IBM Tivoli Storage Manager version 5.2.0.1 suffers from a command line administrative interface buffer overflow vulnerability.
Change Mirror Download
# Exploit Title: IBM Tivoli Storage Manager Command Line...
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
Authored by Pedro Ribeiro, Radek Domanski | Site metasploit.com
This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA...
Gitlab 12.9.0 Arbitrary File Read
Authored by Jasper Rasenberg
Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.
Change Mirror Download
#...
M/Monit 3.7.4 Privilege Escalation
Authored by Dolev Farhi
M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.
Change Mirror Download
# Title: M/Monit 3.7.4 - Privilege Escalation# Author: Dolev Farhi# Date: 2020-07-09# Vendor Homepage: https://mmonit.com/# Version...