3027 matches found

Prion
added 2015/06/08 2:59 p.m., 9 views

Hardcoded credentials

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml...

CVSS 5 | AI score 7 | EPSS 0.26349
Exploits 7 | References 5 | Affected Software 1
Prion
added 2015/05/25 2:59 p.m., 9 views

Hardcoded credentials

An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document...

CVSS 6.8 | AI score 7.8 | EPSS 0.01981
Exploits 0 | References 1 | Affected Software 1
Prion
added 2015/05/07 1:59 a.m., 13 views

Hardcoded credentials

ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets...

CVSS 9.3 | AI score 8 | EPSS 0.07209
Exploits 0 | References 4 | Affected Software 1
Prion
added 2015/04/19 10:59 a.m., 24 views

Hardcoded credentials

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandboxlinux/naclsandboxlinux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct...

CVSS 7.5 | AI score 7.1 | EPSS 0.01916
Exploits 1 | References 4 | Affected Software 2
Prion
added 2015/04/17 1:59 a.m., 14 views

Hardcoded credentials

Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface...

CVSS 7.8 | AI score 7.3 | EPSS 0.03427
Exploits 0 | References 3 | Affected Software 1
OpenVAS
added 2015/04/10 12:0 a.m., 1110 views

Apache Tomcat Server Administration Default/Hardcoded Credentials (HTTP)

The Apache Tomcat Server Administration is using default or known hardcoded credentials. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH SPDX-FileCopyrightText: Improved code and additional detection routine / credentials research since 2016 Greenbone AG Some text descriptions might be excerpted fro...

CVSS 7.5 | AI score 6 | EPSS 0.64496
Exploits 17 | References 9
Prion
added 2015/04/03 10:59 a.m., 16 views

Hardcoded credentials

Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network...

CVSS 5 | AI score 6.7 | EPSS 0.01778
Exploits 0 | References 1 | Affected Software 1
Prion
added 2015/04/03 10:59 a.m., 15 views

Hardcoded credentials

Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...

CVSS 9 | AI score 7.6 | EPSS 0.02373
Exploits 0 | References 1 | Affected Software 1
Prion
added 2015/02/03 10:59 p.m., 13 views

Hardcoded credentials

The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session...

CVSS 10 | AI score 7.1 | EPSS 0.02294
Exploits 1 | References 1 | Affected Software 1
NVD
added 2015/01/27 7:59 p.m., 16 views

CVE-2014-9198

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVSS 10 | AI score 6.7 | EPSS 0.04193
Exploits 0 | References 4
Prion
added 2015/01/27 7:59 p.m., 16 views

Hardcoded credentials

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVSS 10 | AI score 7.3 | EPSS 0.04193
Exploits 0 | References 3 | Affected Software 1
CVE
added 2015/01/27 11:0 a.m., 53 views

CVE-2014-9198

The CVE-2014-9198 vulnerability affects Schneider Electric’s ETG3000 FactoryCast HMI Gateway (firmware up to version 1.60 IR 04). The issue is a design flaw in the FTP server that relies on hardcoded/default credentials, enabling remote attackers to access the FTP service and potentially disclose...

CVSS 10 | AI score 7 | EPSS 0.04193
Exploits 0 | References 4 | Affected Software 5
Cvelist
added 2015/01/27 11:0 a.m., 18 views

CVE-2014-9198 Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded Credentials

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVSS 10 | AI score 6.7 | EPSS 0.04193
Exploits 0 | References 1
Prion
added 2015/01/08 3:59 p.m., 17 views

Hardcoded credentials

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access...

CVSS 5 | AI score 7.4 | EPSS 0.02287
Exploits 1 | References 3 | Affected Software 1
Prion
added 2014/12/28 3:59 p.m., 20 views

Hardcoded credentials

The HashContext class in hphp/runtime/ext/exthash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string,...

CVSS 5 | AI score 6.5 | EPSS 0.01681
Exploits 0 | References 2 | Affected Software 1
ThreatPost
added 2014/12/19 10:10 a.m., 22 views

Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines

Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and...

AI score 1.7
Exploits 0 | References 1
Packet Storm
added 2014/12/19 12:0 a.m., 53 views

VDG Security SENSE 2.3.13 File Disclosure / Bypass / Buffer Overflow

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: VDG Security SENSE formerly DIVA vulnerable version: 2.3.13 fixed version: unknown - no vendor confirmation impact: critical...

AI score 7.4
Exploits 0
securityvulns
added 2014/11/10 12:0 a.m., 73 views

ZTE 831CII Multiple Vulnerabilities

Hardcoded default misconfiguration - The modem comes with admin:admin user credentials. Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSubnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home27;alert28029;//&enblUpnp=1&enblLan2=0 Any user browsing to...

AI score 0.2
Exploits 0
Packet Storm
added 2014/11/07 12:0 a.m., 45 views

ZTE 831CII Hardcoded Credential / XSS / CSRF

Hardcoded default misconfiguration - The modem comes with admin:admin user credentials. Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSubnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280%29;//&enblUpnp=1&enblLan2=0 Any user browsing to...

CVSS 10 | AI score 6.5 | EPSS 0.03638
Exploits 4
Prion
added 2014/10/21 10:55 a.m., 14 views

Hardcoded credentials

The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 6.4 | EPSS 0.00266
Exploits 0 | References 3 | Affected Software 1