3032 matches found
CVE-2019-15017
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials...
Hardcoded Credentials in Zingbox Inspector
Hardcoded credentials for root and inspector user accounts are present in the system software. Ref: CVE-2019-15015. The vulnerability allows for users to authenticate to the software using hardcoded credentials if access to SSH on the Zingbox Inspector is not otherwise restricted. See also...
SSH Service Exposed in Zingbox Inspector
The SSH service is enabled on the Zingbox Inspector, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. Ref: CVE-2019-15017. The vulnerability allows for users to authenticate to the softwar...
Palo Alto Networks Zingbox Inspector CVE-2019-15015 Hardcoded Credentials Vulnerability
Description: Palo Alto Networks Zingbox Inspector is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Palo Alto Networks Zingbox Inspector version 1.294 and prior are vulnerabl...
PT-2019-3538 · Zingbox · Zingbox Inspector
Name of the Vulnerable Software and Affected Versions: ZingBox Inspector versions 1.294 and earlier. Description: The issue is related to the use of hardcoded credentials in the ZingBox Inspector, which can allow a remote attacker to gain unauthorized access to the system. The presence of these...
PT-2019-3540 · Zingbox · Zingbox Inspector
Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.294 and earlier. Description: The issue is related to the SSH service being enabled, exposing it to the local network. This, combined with other factors, can allow an attacker to authenticate to the service using...
Hardcoded credentials
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available...
Hardcoded credentials
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
Hardcoded credentials
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...
Emerson DeltaV Smart Switch Hardcoded Credentials (ICSA-19-190-01)
Binary data 720299.prm...
Telnet Backdoor Opens More Than 1M IoT Radios to Hijack
Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets’ embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio...
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
SEC Consult Vulnerability Lab Security Advisory. title: Multiple vulnerabilities; product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, Cisco 160W; vulnerable version:...
Hardcoded credentials
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...
Zyxel NWA/NAP/WAC Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory. title: Hardcoded FTP Credentials; product: Zyxel NWA/NAP/WAC wireless access point series; vulnerable version: see "Vulnerable / tested version"; fixed version: see "Solution"; CVE...
Hardcoded credentials
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
ProGrade/Lierda Grill Temperature 1.00_50006 Hardcoded Credentials
Author: Tim Tepatti; Website: tepatti.com; Title: Hard-coded credentials on ProGrade/Lierda Grill Temperature Monitor; CVE-2019-15304; Product: Grill Temperature Monitor; Manufacturer: ProGrade / Lierda; Affected Versions: V1.0050006; Tested Versions: V1.0050006; Vulnerability Type: Use of hard-coded...
Hardcoded credentials
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...
Hardcoded credentials
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...