[FD] Raritan PowerIQ default credentials

2015-09-10 Thread Brandon Perry
Hello list, Raritan PowerIQ ships with a few default accounts and passwords/hashes. For the web interface, there are technically 3 default users. web_api:sl33p30F00dumass! epiq_api:raritan admin:raritan You can technically authenticate with the epiq_api user on the web interface and the PowerIQ

[FD] Silver Peak VXOA Multiple Vulnerabilities

2015-09-10 Thread Daniel Jensen

[FD] OpenLDAP ber_get_next Denial of Service

2015-09-10 Thread Denis Andzakovic

[FD] [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

2015-09-10 Thread ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response:

[FD] [ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials

2015-09-10 Thread ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response:

[FD] [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

2015-09-10 Thread ERPScan inc
ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response:

[FD] CubeCart 6.0.6 > 5.2.12 admin hijacking vulnerability

2015-09-10 Thread Fernando Camara
Application: CubeCart 6.0.6 > 5.2.12 Fixed: 07/09/2015 (6.0.7) Credits: Fernando Câmara @overflowy Title: Admin account hijacking vulnerability Dork: inurl:"index.php?_a=" Requirements: Default admin recovery functions enabled... Knowledge of the admin account email P.O.C Its possi

[FD] DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584

2015-09-10 Thread Onur Yilmaz
Information Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important Statu

[FD] Defense in depth -- the Microsoft way (part 34): our developers and our QA still ignore our own security recommendations

2015-09-10 Thread Stefan Kanthak
Hi @ll, part 16 showed the about 2000 [*] registry entries of Windows 8.1 where Microsoft's developers ignore their company's own security recommendations and use unqualified pathnames. Unfortunately they still ignore these recommendations with Wi

[FD] Nokia Solutions and Networks @vantage - Multiple Reflected XSS

2015-09-10 Thread Uğur Cihan KOÇ
Document Title: == Nokia Solutions and Networks @vantage - Multiple Reflected XSS Release Date: 9 Sep 2015 Abstract Advisory Information: = Ugur Cihan Koc discovered twentySeven Reflected XSS vulnerability in Nokia NSN @vantage Vulnerability D

Re: [FD] Schneider Electric CitectSCADA Insecure DLL Loading Code Execution Vulnerability

2015-09-10 Thread W Gillespie
If I can write a file to "C:\Program Files", I already have administrative access to the machine. http://blogs.msdn.com/b/oldnewthing/archive/2012/12/07/10375415.aspx -Original Message- From: "Praveen D" Sent: Friday, September 4, 2015 6:41am To: fulldisclosure@seclists.org Subject: [FD]