CVE-2012-0402

CVE-2012-0402 affects EMC RSA enVision 4.x prior to 4.1 Patch 4, which uses unspecified hardcoded credentials that could allow a remote attacker to gain access via unknown vectors. The vulnerability is within RSA enVision’s authentication surface, with a CVSS Base Score of 9.3 (High) per NVD. Aff...

ESA-2012-014: RSA enVision Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC Identifier:ESA-2012-014 CVE Identifiers: CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403 Severity Rating: CVSS Base Score: See below for scores for individual...

Hardcoded credentials

The Web Configuration tool in VMware vCenter Orchestrator vCO 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

CVE-2012-1288

The CVE refers to UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock devices that use hardcoded administrative credentials. The underlying issue is a hardcoded admin user/password that can be used to access the device via its web interface, enabling remote attackers to obtain access and potenti...

Hardcoded credentials

Multiple unspecified vulnerabilities in the 1 PrintFile and 2 SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document...

Hardcoded credentials

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

Hardcoded credentials

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...

Schneider Electric Quantum Ethernet Module Hardcoded Credentials (FTP)

Schneider Electric Quantum Ethernet Module is using known hardcoded credentials. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Schneider Electric Quantum Ethernet Module Hardcoded Credentials (Telnet)

Schneider Electric Quantum Ethernet Module is using known default credentials. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Quest / Dell KACE K2000 Systems Deployment Appliance (SDA) < 3.7 Hardcoded Credentials (HTTP)

The Quest / Dell KACE K2000 System Deployment Appliance SDA contains a hidden administrator account that allows a remote attacker to take control of an affected device. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

Hardcoded credentials

/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...

Hardcoded credentials

functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

Hardcoded credentials

Opera before 11.10 allows remote attackers to cause a denial of service application crash via an HTML document that has an empty parameter value for an embedded Java applet...

Hardcoded credentials

The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVE-2011-0756

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

Hardcoded credentials

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

CVE-2011-0756

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

CVE-2011-0756

Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials in the application server, allowing remote attackers to connect via the management port through the remote console GUI and read security-event data. The linked Red Hat advisory confirms the same issue as CVE-2011-0756, a...