1111 matches found
CVE-2017-13104 Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption
Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
Dialogic PowerMedia XMS Hard-Coded Encryption Key Vulnerability
Dialogic PowerMedia XMS is a suite of software multimedia servers for real-time communications from Dialogic, Inc. that provide real-time multimedia communication solutions for IMS, MRF, enterprise and WebRTC applications. A security vulnerability in the /var/www/xms/application/config/config.php...
CVE-2018-11635
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...
WUZHI CMS SQL Injection Vulnerability (CNVD-2018-11099)
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, from China's five fingers (WUZHI) Internet technology company. A SQL injection vulnerability exists in the api/uc.php file in WUZHI CMS version 4.1.0, which stems from the use of hard-coded values for 'UCKEY'. A remote attacke...
Trend Micro Email Encryption Gateway Authentication Vulnerability
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. A security vulnerability exists in the DBCrypto class in Trend Micro TMEEG versi...
TP-Link EAP Controller and Omada Controller Hardcoding Vulnerability
TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless access point (AP) devices. A security vulnerability exists in the Web application backup file in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows,...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...
CVE-2017-14014
Summary of CVE-2017-14014: The Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI before it is transferred to removable media. This creates a vulnerability (CWE-321: Use of Hard-coded Cryptographic Key) with CVSS3 base score 4.6 (vector AV:P/AC:L/PR...
AssetView and AssetView PLATINUM contain multiple vulnerabilities
Overview: AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below: Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866; Improper Input Validation (CWE-20) - CVE-2017-10867. Muneaki Nishimura of Recruit Technologies Co.,Ltd. RED TEAM reported...
CVE-2017-2720
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses a hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...
CVE-2017-14021
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e,...
CVE-2017-9649
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External...
Multiple Westermo Devices Hard-Coded Encryption Key Vulnerability
The Westermo MRD-305-DIN, MRD-315 and MRD-355 are all router products from Westermo, Sweden. A security vulnerability exists in multiple Westermo devices. An attacker could exploit the vulnerability to decode traffic from other sources...
Multiple Westermo Routers Hardcoded Password Vulnerability
The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. Multiple Westermo routers have a hard-coded password vulnerability: the device uses a hard-coded special key that allows an attacker to decrypt traffic from any other source...
CVE-2017-6054
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...
Hardcoded Credentials Vulnerability in Multiple Foscam Devices
Foscam is the world's leading provider of home security IP cameras. A security vulnerability exists in the use of the same hard-coded SSL private key for Foscam networked devices across different customer installations. A remote attacker could utilize another installation with knowledge of this k...
Schneider Modicon M221CE16R Hard-Coded Vulnerability
The Modicon M221CE16R is an all-in-one programmable controller from Schneider Electric Co. The Schneider Modicon M221CE16R has a hard-coded key vulnerability: XML files are AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the X...
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hard-Coded Encryption Key Vulnerability
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches are both industrial Ethernet managed switches from Red Lion Controls, USA. A hard-coded encryption key vulnerability exists in Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 and earlier...