CVE-2013-5535

The CVE concerns Cisco Video Surveillance 4000 Series IP Cameras with an undocumented hard-coded password (hard-coded credentials) on the analytics page, enabling an unauthenticated remote attacker to view the video feed. Root cause: a hard-coded password in a user account. Affected product: Cisc...

CVE-2013-0694

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

Hardcoded credentials

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

Hardcoded credentials

An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere...

CVE-2013-0694

CVE-2013-0694 concerns hardcoded credentials in ROMs of Emerson ROC800 RTU family: ROC800 (v3.50 and earlier), DL8000 (v2.30 and earlier), and ROC800L (v1.20 and earlier). The underlying flaw enables remote attackers to obtain a shell on the OS by exploiting ROM contents known from a device insta...

CVE-2013-0694

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

Hardcoded credentials

The FTP server in Cisco Unified Computing System UCS has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769...

Hardcoded credentials

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different...

Hardcoded credentials

Dahua DVR appliances have a hardcoded password for 1 the root account and 2 an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving a ActiveX, b a standalone client, or c unknown other vectors...

Hardcoded credentials

The captive portal application in Cisco Identity Services Engine ISE allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515...

Hardcoded credentials

The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt...

Hardcoded credentials

Cisco Unified Communications Manager CUCM 7.1x through 9.12 and the IM & Presence Service in Cisco Unified Presence Server through 9.12 use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat...

Hardcoded credentials

A certain Red Hat patch to the dofilpopen function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux RHEL 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service system crash by leveraging acces...

Hardcoded credentials

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request...

Hardcoded credentials

Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors...

Zavio IP cameras multiple security vulnerabilities

Hardcoded credentials, code execution, weak permissions...

Hardcoded credentials

TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session...

D-Link IP cameras multiple security vulnerabilities

Code execution, authentication bypass, hardcoded credentials, information leakage...

Aastra IP Telephone Hardcoded Credentials (Telnet)

Aastra IP Telephone is using known hardcoded credentials. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Hardcoded credentials

1 contrib/gforge-3.0-cronjobs.patch, 2 cronjobs/homedirs.php, 3 deb-specific/fileforge.pl, 4 deb-specific/groupdumpupdate.pl, 5 deb-specific/sshdumpupdate.pl, 6 deb-specific/userdumpupdate.pl, 7 plugins/scmbzr/common/BzrPlugin.class.php, 8 plugins/scmcvs/common/CVSPlugin.class.php, 9...