1186 matches found
CVE-2019-15867
The CVE-2019-15867 issue affects the WordPress slick-popup plugin (pre-1.7.2). It relies on a hardcoded credential OmakPass13# for the slickpopupteam account, enabling privilege escalation via a specific AJAX action (as described by connected sources). Practical impact is administrator-level acce...
CVE-2019-15867
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...
CVE-2016-10928
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...
CVE-2016-10928
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...
CVE-2016-10928
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...
Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability
Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability Original posting: https://xor.cat/2019/08/05/fortinet-fortirecorder-hardcoded-password/ Text archive available here: https://xor.cat/archive/2019/08/05/fortinet-fortirecorder-hardcoded-password.txt Background In June of 2019 I discover...
Fortinet FortiRecorder 2.7.3 Hardcoded Password
Original posting: https://xor.cat/2019/08/05/fortinet-fortirecorder-hardcoded-password/ Text archive available here: https://xor.cat/archive/2019/08/05/fortinet-fortirecorder-hardcoded-password.txt Background In June of 2019 I discovered a vulnerability in Fortinet's FortiRecorder1 product which...
CVE-2017-8415
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the use...
CVE-2019-12920
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...
CVE-2019-12920
Summary: CVE-2019-12920 affects Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4. Vulnerability: devices ship with a hardcoded root password (12345678) accessible from a TELNET prompt, enabling a network attacker to login remotely and gain root access. Root cause: hardcoded credential ...
CVE-2019-12920
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...
Schneider Electric Magelis XBT HMI Hardcoded Configuration Password
Binary data 720236.prm...
Weak Password Vulnerability in Trunkey's ICP/IP Address Information Filing Management System
Trunkey ICP/IP address information filing management system is a set of ISP service provider enterprise side filing management system. A weak password vulnerability exists in the Trunkey ICP/IP address information filing management system. The vulnerability is due to the fact that the password is...
CVE-2019-6499
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...
CVE-2019-6499
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...
CVE-2019-6499
CVE-2019-6499 affects Teradata Viewpoint prior to 14.0 and 16.20.00.02-b80, where a hardcoded password (TDv1i2e3w4) was stored for the viewpoint database account in viewpoint-portal\conf\server.xml. This static credential could allow a malicious user to compromise the affected system. The provide...
CVE-2019-6499
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...
CVE-2019-3908
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...
Cradlepoint Router Password Disclosure Vulnerability
Exploit for hardware platform in category web applications Cradlepoint Router Password Disclosure Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities...
CVE-2018-19066
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases...