CVE-2014-4012

SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-4006

The SAP Trader's and Scheduler's Workbench TSW for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-4007

The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-4010

The vulnerability CVE-2014-4010 affects SAP Transaction Data Pool, which contains hardcoded credentials. The root cause is hardcoded credentials enabling remote attackers to obtain access via unspecified vectors. The NVD entry assigns a CVSS v2 base score of 5.0 (Medium) with Network attack vecto...

CVE-2014-4009

CVE-2014-4009 affects SAP CCMS Monitoring (BC-CCM-MON), where hardcoded credentials enable remote attackers to obtain access via unspecified vectors. The connected sources confirm the issue but do not provide product versions, affected components beyond BC-CCM-MON, or explicit remediation steps i...

CVE-2014-4004

The 1 Structures and 2 Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-4007

The CVE-2014-4007 entry concerns SAP Upgrade tools for ABAP that contain hardcoded credentials. This root cause enables remote attackers to gain access via unspecified vectors, as described in the NVD entry. The vulnerability is assessed with a Medium base severity (CVSSv2: AV:N/AC:L/Au:N/C:P/I:N...

CVE-2014-4004

CVE-2014-4004 affects SAP Project System Components (Structures and Project-Oriented Procurement). The issue arises from hardcoded credentials, enabling remote attackers to obtain access via unspecified vectors. The connected documents do not specify a patch/workaround or remediation details.

CVE-2014-4011

SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2014-4008

The CVE-2014-4008 entry concerns the SAP Web Services Tool (CA-WUI-WST), where a hardcoded credential issue is the root cause. This flaw can enable remote access by attackers via unspecified vectors, with a reported base CVSSv2 score of 5.0 (Medium) and network access, low attack complexity, no a...

SAP NetWeaver - Hardcoded credentials

Application: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Hardcoded credentials Reported: 06.03.2014 Vendor response: 07.03.2014 Date of Public Advisory: 15.06.2015 Reference: SAP Security Note 2059659 Authors: Rustem Gazizov, Diana Grigorieva ERPScan VULNERABILITY INFORMATION Class:...

SAP NetWeaver - Hardcoded Credentials

Application: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Hardcoded credentials Reported: 06.03.2014 Vendor response: 07.03.2014 Date of Public Advisory: 15.06.2015 Reference: SAP Security Note 2057982 Authors: Rustem Gazizov, Diana Grigorieva ERPScan VULNERABILITY INFORMATION Class:...

Hardcoded credentials

The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...

CVE-2014-2350

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program...

Hardcoded credentials

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program...

CVE-2014-2350 Emerson DeltaV Use of Hard-coded Credentials

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program...

CVE-2014-2350

Technical details for CVE-2014-2350 are not publicly available in the provided documents; monitor for updates.

PT-2014-1222 · Emerson · Emerson Deltav

Name of the Vulnerable Software and Affected Versions: Emerson DeltaV versions 10.3.1 through 12.3 Description: The issue is related to errors that occur when changing access control rules through the Telnet protocol, allowing an attacker to gain access to applications via Telnet to run commands ...

Seagate BlackArmor NAS - Multiple Vulnerabilities

Seagate BlackArmor NAS - Multiple Vulnerabilities Exploit Title: Seagate BlackArmor NAS Multiple Vulnerabilities Date: 2/17/14 Exploit Author: Shayan Sadigh twitter.com/r1pplex | Vendor Homepage: http://www.seagate.com/external-hard-drives/network-storage/ Version: All BlackArmor NAS devices...

Seagate BlackArmor NAS - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: Seagate BlackArmor NAS Multiple Vulnerabilities Date: 2/17/14 Exploit Author: Shayan Sadigh twitter.com/r1pplex | Vendor Homepage: http://www.seagate.com/external-hard-drives/network-storage/ Version: All BlackArmor NAS...