Juniper ATP has an unspecified vulnerability (CNVD-2019-39195)

Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A security vulnerability exists in Juniper ATP version 5.0.3 prior to version 5.0, whi...

Hardcoded credentials

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...

Hardcoded credentials

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...

Hardcoded credentials

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands...

Hardcoded credentials

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....

Hardcoded credentials

Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

Hardcoded credentials

Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

Hardcoded credentials

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...

Hardcoded credentials

JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page...

Hardcoded credentials

Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Guardzilla IoT Camera Hardcoded Credentials Vulnerability

The Guardzilla All-In-One Video Security System is an in-home security platform that provides indoor video surveillance. A hard-coded credential vulnerability exists in Guardzilla IoT cameras. The vulnerability exists in the Amazon Simple Storage Service S3 credentials within the Guardzilla...

Hardcoded credentials

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

Hardcoded credentials

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...

Hardcoded credentials

Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API...

Hardcoded credentials

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...

CVE-2018-18006

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...

Hardcoded credentials

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...

CVE-2018-18006

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...