3032 matches found

Tenable Nessus
added 2012/10/25 12:0 a.m., 23 views

Novell ZENworks Asset Management rtrlet Component GetFile_Password Method Hardcoded Credentials Information Disclosure

The remote host has a version of Novell ZENworks Asset Management that is affected by an arbitrary information disclosure vulnerability. The 'GetFile_Password' maintenance call in '/rtrlet/rtr' is protected by a set of known, hard-coded credentials. This maintenance call can be utilized by an...

CVSS 7.8, AI score 6.1, EPSS 0.44012
Exploits 5, References 1
Prion
added 2012/10/20 6:55 p.m., 18 views

Hardcoded credentials

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a...

CVSS 7.8, AI score 6.8, EPSS 0.44012
Exploits 5, References 4, Affected Software 1
Prion
added 2012/08/26 7:55 p.m., 14 views

Hardcoded credentials

The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485...

CVSS 1.2, AI score 6.6, EPSS 0.03776
Exploits 6, References 3, Affected Software 1
Prion
added 2012/08/24 8:55 p.m., 16 views

Hardcoded credentials

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.120741313, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and...

CVSS 9.3, AI score 7.3, EPSS 0.03721
Exploits 0, References 2, Affected Software 1
OpenVAS
added 2012/08/22 12:0 a.m., 1108 views

Apache Tomcat Manager/Host Manager/Server Status Default/Hardcoded Credentials (HTTP)

The Apache Tomcat Manager/Host Manager/Server Status is using default or known hardcoded credentials. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

CVSS 10, AI score 6, EPSS 0.78995
Exploits 25, References 12
Prion
added 2012/08/21 6:55 p.m., 12 views

Hardcoded credentials

The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session...

CVSS 10, AI score 7.5, EPSS 0.03602
Exploits 0, References 5, Affected Software 1
Prion
added 2012/08/20 10:55 p.m., 13 views

Hardcoded credentials

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...

CVSS 4, AI score 7.3, EPSS 0.03203
Exploits 1, References 3, Affected Software 1
Prion
added 2012/08/07 8:55 p.m., 26 views

Hardcoded credentials

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file...

CVSS 4.4, AI score 6.5, EPSS 0.00344
Exploits 0, References 8, Affected Software 1
Prion
added 2012/07/18 10:26 a.m., 19 views

Hardcoded credentials

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls...

CVSS 6.8, AI score 6.9, EPSS 0.0232
Exploits 0, References 24, Affected Software 5
Prion
added 2012/06/04 8:55 p.m., 22 views

Hardcoded credentials

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header...

CVSS 6.8, AI score 8, EPSS 0.04378
Exploits 0, References 21, Affected Software 1
Prion
added 2012/06/04 8:55 p.m., 66 views

Hardcoded credentials

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...

CVSS 6.8, AI score 8, EPSS 0.04281
Exploits 0, References 21, Affected Software 1
NVD
added 2012/05/22 3:55 p.m., 17 views

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...

CVSS 2.6, AI score 6.3, EPSS 0.01412
Exploits 0, References 5
Prion
added 2012/05/22 3:55 p.m., 16 views

Hardcoded credentials

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...

CVSS 2.6, AI score 6.8, EPSS 0.01412
Exploits 0, References 5, Affected Software 1
Cvelist
added 2012/05/22 3:0 p.m., 23 views

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...

AI score 6.3, EPSS 0.01412
Exploits 0, References 5
CVE
added 2012/05/22 3:0 p.m., 51 views

CVE-2012-2567

The CVE-2012-2567 entry refers to Xelex MobileTrack for Android (2.3.7 and earlier) that uses hardcoded credentials and transmits data over an insecure FTP/HTTP session, exposing potentially sensitive user data. Root cause: information exposure due to non-secure authentication/storage configurati...

CVSS 2.6, AI score 6.5, EPSS 0.01412
Exploits 0, References 5, Affected Software 1
Prion
added 2012/04/16 4:55 p.m., 14 views

Hardcoded credentials

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document...

CVSS 7.5, AI score 7.7, EPSS 0.01688
Exploits 1, References 6, Affected Software 1
Prion
added 2012/03/20 3:55 p.m., 15 views

Hardcoded credentials

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

CVSS 9.3, AI score 7.1, EPSS 0.02074
Exploits 0, References 5, Affected Software 1
NVD
added 2012/03/20 3:55 p.m., 15 views

CVE-2012-0402

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

CVSS 9.3, AI score 6.6, EPSS 0.02074
Exploits 0, References 5
Cvelist
added 2012/03/20 3:0 p.m., 21 views

CVE-2012-0402

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

AI score 6.6, EPSS 0.02074
Exploits 0, References 5
CVE
added 2012/03/20 3:0 p.m., 50 views

CVE-2012-0402

CVE-2012-0402 affects EMC RSA enVision 4.x prior to 4.1 Patch 4, which uses unspecified hardcoded credentials that could allow a remote attacker to gain access via unknown vectors. The vulnerability is within RSA enVision’s authentication surface, with a CVSS Base Score of 9.3 (High) per NVD. Aff...

CVSS 9.3, AI score 6.8, EPSS 0.02074
Exploits 0, References 5, Affected Software 1