undocumented software vulnerabilities
vulnerabilities.aspcode.net
Searching undocumented software vulnerabilities
Web server in Tektronix PhaserLink Printer 840.
PhaserLink
|
Tektronix
|
Printer
|
server
|
Web
|
Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.
NetStructure 7110 and 7180 have undocumented ac
NetStructure
|
NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.
Crosscom/Olicom XLT-F running XL 80 IM Version
Crosscom/Olicom
|
undocumented
|
community
|
attacker
|
default
|
running
|
Version
|
string
|
access
|
'ILMI'
|
allows
|
remote
|
Build
|
XLT-F
|
write
|
Level
|
SNMP
|
read
|
via
|
Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'.
Cisco IOS 11.x and 12.0 with ATM support allows
Cisco
|
11x
|
IOS
|
Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
Standalone Macromedia Flash Player 5.0 allows r
undocumented
|
containing
|
Standalone
|
Macromedia
|
arbitrary
|
FSCommand
|
attackers
|
programs
|
"save"
|
allows
|
Player
|
remote
|
files
|
Flash
|
save
|
file
|
via
|
SWF
|
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
Avaya Cajun switches P880, P882, P580, and P550
switches
|
P550R
|
Avaya
|
Cajun
|
P580
|
P880
|
P882
|
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.
An undocumented extension for the Servlet mappi
specification
|
undocumented
|
upgrading
|
extension
|
WebLogic
|
mappings
|
Service
|
through
|
Express
|
Servlet
|
Server
|
Pack
|
BEA
|
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
Mentor ADSL-FR4II router running firmware 2.00.
ADSL-FR4II
|
firmware
|
running
|
Mentor
|
router
|
Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access.
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10
information
|
connection
|
sensitive
|
attackers
|
possibly
|
Version
|
service
|
obtain
|
direct
|
denial
|
Wj0010
|
P2000W
|
remote
|
allows
|
Zyxel
|
Phone
|
cause
|
port
|
WIFI
|
VOIP
|
via
|
UDP
|
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
Cisco Security Monitoring, Analysis and Respons
Monitoring
|
Analysis
|
Response
|
Security
|
System
|
Cisco
|
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command.
MPM SIP HP-180W Wireless IP Phone WE.00.17 allo
information
|
connection
|
attackers
|
sensitive
|
Wireless
|
possibly
|
HP-180W
|
service
|
denial
|
direct
|
remote
|
allows
|
obtain
|
WE0017
|
Phone
|
cause
|
port
|
UDP
|
MPM
|
via
|
SIP
|
MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
Advantage Century Telecommunication (ACT) P202S
Telecommunication
|
Advantage
|
Century
|
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).
The internal database in Cisco Wireless Control
Wireless
|
database
|
internal
|
Control
|
System
|
Cisco
|
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955).
Unspecified vulnerability in SAP Internet Graph
vulnerability
|
Unspecified
|
Internet
|
Graphics
|
Service
|
SAP
|
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.
Software vulnerabilities results 1 to 15 of 15
Page:
1