CVE-2014-9576

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vdgsecurity:vdg_sense:2.3.13:*:*:*:*:*:*:*

History

21 Nov 2024, 02:21

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html - Exploit () http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html - Exploit
References () http://seclists.org/fulldisclosure/2014/Dec/76 - Exploit () http://seclists.org/fulldisclosure/2014/Dec/76 - Exploit
References () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt - Exploit () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt - Exploit

Information

Published : 2015-01-08 15:59

Updated : 2024-11-21 02:21


NVD link : CVE-2014-9576

Mitre link : CVE-2014-9576

CVE.ORG link : CVE-2014-9576


JSON object : View

Products Affected

vdgsecurity

  • vdg_sense
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor