Collaborate Disseminate
According to the reporter,ACTi devices including D,B,I,and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Continue reading VU#355151: ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities
ICS-CERT warns of default credentials in Schneider Electric Wonderware Historian that can be abused to compromise Historian databases. Continue reading Default Credentials Found in Schneider Electric Wonderware Historian
Insecure Hadoop and CouchDB installations are the latest attack targets of cybercriminals who are hijacking and deleting stolen data. Continue reading Hadoop, CouchDB Next Targets in Wave of Database Attacks
Command injection vulnerabilities and accessible default admin credentials in home routers distributed by Thailand’s largest broadband provider remain unpatched despite private disclosures to the vendors last July. Continue reading Router Vulnerabilities Disclosed in July Remain Unpatched
Green Packet DX-350 uses default credentials Continue reading VU#970379: Green Packet DX-350 contains insecure default credentials
Nuuo NT-4040 Titan,firmware NT-4040_01.07.0000.0015_1120,uses default credentials Continue reading VU#326395: Nuuo NT-4040 firmware contains insecure default credentials
Synology NAS servers DS107,DS116,and DS213,use default credentials. Continue reading VU#404187: Synology NAS servers contain insecure default credentials
Intellian Satellite TV antennas t-Series and v-Series,firmware version 1.07,uses default credentials. Continue reading VU#200907: Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials
Open Dental is medical dental records management software. Open Dental version 16.1,and previous versions,installs with a blank root database(MySQL)password by default.. An attacker with network access to an Open Dental MySQL database could read,modify,or delete data. This Vulnerability Note initially,and incorrectly,stated that Open Dental used hard coded credentials. The Impact section also implied that in its default configuration,the Open Dental database was available over remote networks such as the internet. An Open Dental database would need to be specifically configured to allow remote network access. Continue reading VU#619767: Open Dental uses blank database password by default
Crestron Electronics DM-TXRX-100-STR,version 1.2866.00026 and earlier,has a web management interface which contains multiple vulnerabilities,including authentication bypass,failure to restrict access to authorized users,use of hard-coded certificate,default credentials,and cross-site request forgery(CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Continue reading VU#974424: Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities