CVE-2018-18006

The CVE-2018-18006 entry describes hardcoded credentials in Ricoh myPrint Windows (v2.9.2.4) and Android (v2.2.7) clients that grant access to the external myPrint WSDL API. The root cause is credential leakage embedded in the applications, enabling access to API secrets, mail-server passwords, a...

CVE-2018-18006

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...

IBM Security Guardium Hardcoded Credentials Vulnerability

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A hard-coded credentials vulnerability exists in IBM Security Guardium...

Hardcoded credentials

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM...

Hardcoded credentials

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page...

Hardcoded credentials

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page...

Hardcoded credentials

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656...

Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Siglent Technologies SDS 1202X-E Digital Oscilloscope vulnerable version: V5.1.3.13 fixed version: - CVE number: - impact: High homepage...

Hardcoded credentials

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

Hardcoded credentials

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface...

Ricoh myPrint Hardcoded Credentials / Information Disclosure

Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 19-11-18 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...

Ricoh myPrint Hardcoded Credentials / Information Disclosure Vulnerability

Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected. Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosur...

Hardcoded credentials

Lenovo Chassis Management Module CMM prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...

Hardcoded credentials

Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration...

Hardcoded credentials

Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration...

Hardcoded credentials

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page...

Hardcoded credentials

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page...