Hardcoded credentials

The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOADAPIKEY and FILEDOWNLOADAPIKEY...

Hardcoded credentials

Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account...

Hardcoded credentials

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execut...

Hardcoded credentials

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials...

Hardcoded credentials

The bt/btcore system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series...

Hardcoded credentials

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

Hardcoded credentials

The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain...

Fortinet FortiSIEM CVE-2019-16153 Hardcoded Credentials Vulnerability

Description Fortinet FortiSIEM is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable device and perform unauthorized actions. Versions prior to Fortinet FortiSIEM 5.2.6 are vulnerable. Technologies Affected Fortinet...

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

Hardcoded credentials

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

CVE-2019-14919

The CVE concerns the Billion Smart Energy Router SG600R2 (firmware v3.02.rc6). An exposed Telnet service allows a local attacker to authenticate using hardcoded credentials, gaining root execution privileges on the device. This directly enables privileged control from the local network. The avail...

CVE-2019-14919

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...

Hardcoded credentials

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML...

CVE-2013-3620

Hardcoded WSMan credentials in Intelligent Platform Management Interface IPMI with firmware for Supermicro X9 generation motherboards before 3.15 SMTX9315 and firmware for Supermicro X8 generation motherboards before SMT X8 312...

Hardcoded credentials

Hardcoded WSMan credentials in Intelligent Platform Management Interface IPMI with firmware for Supermicro X9 generation motherboards before 3.15 SMTX9315 and firmware for Supermicro X8 generation motherboards before SMT X8 312...

Hardcoded credentials

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to...

Heatmiser Netmonitor 3.03 Hardcoded Credentials

Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Date: 2019-12-22 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software: Netmonitor v3.03 Product Version: Netmonitor...

Heatmiser Netmonitor 3.03 - Hardcoded Credentials Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software:...

WEMS BEMS 21.3.1 - Undocumented Backdoor Account

Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5552.php WEMS BEMS 21.3.1 Undocumented Backdo...