3027 matches found
CVE-2017-9488
The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST and DPC3941T firmware version DPC39412.5s3PRODsey devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded...
I-O DATA DEVICE WN-G300R3 Hardcoded Credential Vulnerability
The I-O DATA DEVICE WN-G300R3 is a wireless router device from I-O DATA DEVICE Japan. A hard-coded credentials vulnerability exists in the I-O DATA DEVICE WN-G300R3 using firmware version 1.0.2 and earlier, which stems from the program's use of hard-coded credentials. An attacker could exploit th...
MEDHOST Document Management System Hardcoded Credentials
MEDHOST Document Management System contains multiple hard-coded credentials CVE-2017-11693 & CVE-2017-11694 Overview ------------ Medhost Document Management system for all versions contains hard-coded credentials used for customer database and Apache Solr access. This is a new vulnerability not...
Hardcoded credentials
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges...
Hardcoded credentials
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document...
Hardcoded credentials
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API,...
CVE-2017-2343
CVE-2017-2343 affects Juniper Junos SRX Series with the Integrated User Firewall (UserFW) authentication API. The root cause is hardcoded credentials in UserFW, enabling an unauthenticated, remote attacker to potentially gain administrative access to the SRX device and compromise connected servic...
CVE-2017-2343 SRX Series: Hardcoded credentials in Integrated UserFW feature.
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API,...
AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials Vulnerabilities
AGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffer from authentication bypass, cross-site scripting, and hard-coded private key vulnerabilities. title: Multiple critical vulnerabilities product: AGFEO Smart Home ES 5xx AGFEO Smart Home ES 6xx vulnerable version: at least 1.9b, 1.10 fixe...
Juniper Networks Junos OS SRX Series: Hardcoded Credentials Vulnerability
Junos OS on SRX series contain hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...
Solarwinds LEM 6.3.1 Hardcoded Credentials
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials Title: Solarwinds LEM Hardcoded Credentials Advisory ID: KL-001-2017-015 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt 1. Vulnerability Details Affected Vendor: Solarwinds...
SolarWinds Log and Event Manager (LEM) < 6.3.1 Hotfix 5 Hardcoded Credentials Vulnerability
SolarWinds Log and Event Manager (LEM) is prone to a hardcoded credentials vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Solarwinds LEM Hardcoded Credentials
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Unintended Access Attack vector: Local 2. Vulnerability Description The...
FortiWLM upgrade user account hard-coded credentials
FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller. Having the upgrade account credentials would allow an attacker to transfer files to any attached or previously attached controllers as an admin user, thus raisin...
Foscam C1 Hardcoded Credential Authentication Bypass Vulnerability
Foscam C1 is a wireless IP camera product from FOSCAM China. A security vulnerability exists in the Foscam C1 using firmware version 1.9.1.12. The vulnerability can be exploited by a remote attacker to access a camera that does not block port 50021...
Hardcoded credentials
Hard-coded FTP credentials r:r are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device...
Foscam camera Web UI Hides Hardcoded Credentials Vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera Web UI Hidden and Hardcoded Credentials Vulnerability. The Foscam model has hidden and hardcoded credentials that can be exploited by an attacker to gain...
Trashbilling.com / Trashflow 3.0 XSS / SQL Injection
A blog post with information located here: https://thenopsled.com/trashbilling.html ============ Introduction ============ This was a basic vulnerability analysis of trashbilling.com which I am required to use to pay my trash bill, and Trashflow 3.0, which updates trashbilling.com from the Trash...
Hardcoded credentials
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE 11.51 and 11.61 could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account tha...
Hardcoded credentials
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...