Hardcoded credentials
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access...
Hardcoded credentials
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and ha...
Hardcoded credentials
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another...
Hardcoded credentials
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage...
Hardcoded credentials
The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen, ensuring only those who can view it are streaming. In addition to the password, each projector has a hardcoded...
Complain Management System Hard-Coded Credentials / Blind SQL Injection
Exploit Title : Complain Management System Blind SQL Injection Date: 10 October 2017 Exploit Author: havysec Tested on: ubuntu14.04 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...
Hardcoded credentials
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LSUSER account for creation of a hard link...
Hardcoded credentials
Multiple hardcoded credentials in Xsuite 2.x...
CVE-2015-4667
Multiple hardcoded credentials in Xsuite 2.x...
CVE-2015-4667
CVE-2015-4667 affects Xceedium Xsuite 2.x (notably versions 2.3.0 and 2.4.3.0). The connected documents describe multiple hardcoded credentials vulnerabilities, including a hard-coded database password (n1b2dy) and broader issues in Xsuite 2.x that enable remote/local access. Additional related ...
Hardcoded credentials
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External...
Hardcoded credentials
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzon...
Hardcoded credentials
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms...
Hardcoded credentials
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices have 0666 /var/etc/hnapasswd permissions...
Hardcoded credentials
Honda Moto LINC 1.6.1 does not verify SSL certificates...
Security Vulnerabilities in AT&T Routers
They're actually Arris routers, sold or given away by AT&T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don't know how many routers are affected, and estimates range from thousands to 138,000. Amo...
AT&T U-verse Arris Modems NVG589 / NVG599 / 5268AC Multiple Vulnerabilities (SharknATTo)
The remote Arris device's self-reported model is NVG589, NVG599 or 5268AC. It is, therefore, affected by multiple vulnerabilities, including a firewall bypass, multiple instances of hardcoded credentials, privilege escalation, and remote code execution. Note: Nessus has not checked the firmware...
Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks
Trivially exploitable vulnerabilities have been discovered in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service. It’s unknown yet whether the firmware vulnerabilities were introduced by the OEM or the ISP since AT&T seems ...
Hardcoded credentials
In The Sleuth Kit TSK 4.4.2, fls hangs on a corrupt exfat image in tskimgread in tsk/img/imgio.c in libtskimg.a...