
1187 matches found

Positive Technologies
added 2017/09/08 12:0 a.m. · 3 views

PT-2017-2899 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue is related to a hardcoded password for the Alphanetworks account, which is set to wrgac25 dlink.2013gui dir850l upon device reset. This allows remote attackers to obtai...

CVSS 10 · AI score 9.2 · EPSS 0.02254
Exploits 1 · References 3
OSV
added 2017/09/03 7:29 p.m. · 2 views

CVE-2017-14115

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and...

CVSS 8.1 · AI score 5.8
Exploits 0 · References 3
Packet Storm
added 2017/07/31 12:0 a.m. · 79 views

MEDHOST Connex Hardcoded Password

CVE-2017-11743 Overview ------------ MEDHOST Connex contains a hard-coded Mirth Connect admin password in all versions. This is a new vulnerability not related to CVE-2016-4328, CVE-2017-11614, CVE-2017-11693 or CVE-2017-11694. Description ------------ MEDHOST Connex contains a hard-coded Mirth...

CVSS 10 · AI score 9.5 · EPSS 0.03957
Exploits 3
CVE
added 2017/07/25 6:0 p.m. · 237 views

CVE-2016-10401

CVE-2016-10401 affects ZyXEL PK5001Z (and related modems) with a hardcoded/backup root credential setup. Multiple connected sources confirm an authentication bypass/remote admin access vector: default telnet/root credentials (example: zyad5001) allow a user with knowledge of a non-root account pa...

CVSS 9 · AI score 8.6 · EPSS 0.1234
In wild · Exploits 5 · References 2 · Affected Software 1
rapid7community
added 2017/07/13 2:49 p.m. · 158 views

R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)

Summary Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application...

CVSS 5 · AI score 5.8 · EPSS 0.02096
Exploits 0
Prion
added 2017/06/02 2:29 p.m. · 10 views

Hardcoded credentials

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device...

CVSS 5 · AI score 5.2 · EPSS 0.01168
Exploits 0 · References 2 · Affected Software 1
Exploit DB
added 2017/05/19 12:0 a.m. · 53 views

Tecnovision DLX Spot - SSH Backdoor Access

Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password. Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: All known versions...

CVSS 10 · AI score 9.3 · EPSS 0.10081
Exploits 13
Packet Storm
added 2017/04/06 12:0 a.m. · 35 views

Schneider Hardcoded Password

OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt [email protected] OS-S Security Advisory 2017-02 Date: April 4th, 2017 Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 10 Affected Device: Schneider SoMachine Basic 1.4 SP1,...

Exploits 0
Cvelist
added 2017/03/06 2:0 a.m. · 19 views

CVE-2017-6351

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account...

AI score 8 · EPSS 0.07117
Exploits 4 · References 3
CVE
added 2017/03/06 2:0 a.m. · 52 views

CVE-2017-6351

WePresent WiPG-1500 devices (firmware up to 1.0.3.7) contain a hardcoded manufacturer account with a username/password. When DEBUG mode is enabled, an attacker can connect via telnet (port 5885) and log in using the hardcoded account abarco. This account is not documented, nor is the DEBUG featu...

CVSS 9.3 · AI score 7.9 · EPSS 0.07117
Exploits 4 · References 3 · Affected Software 1
OSV
added 2016/12/09 8:59 p.m. · 2 views

DEBIAN-CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

CVSS 9.8 · AI score 9.2 · EPSS 0.05144
Exploits 0 · References 1
OSV
added 2016/12/09 8:59 p.m. · 3 views

ALPINE-CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

CVSS 9.8 · AI score 6.9 · EPSS 0.05144
Exploits 0 · References 1
NVD
added 2016/12/09 8:59 p.m. · 20 views

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

CVSS 9.8 · AI score 9.3 · EPSS 0.05144
Exploits 0 · References 7
PyPA
added 2016/12/09 8:59 p.m. · 4 views

PYSEC-2016-17

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

CVSS 9.8 · AI score 6.9 · EPSS 0.05144
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2016/12/09 8:0 p.m. · 29 views

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

AI score 9.2 · EPSS 0.05144
Exploits 0 · References 7
AlpineLinux
added 2016/12/09 8:0 p.m. · 56 views

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

CVSS 9.8 · AI score 9.3 · EPSS 0.05144
Exploits 0
OpenVAS
added 2016/11/08 12:0 a.m. · 28 views

Ubuntu: Security Advisory (USN-3115-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 8 · EPSS 0.06074
Exploits 0 · References 2
OSV
added 2016/11/06 10:34 a.m. · 11 views

MGASA-2016-0368 Updated python-django packages fix security vulnerabilities

User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...

CVSS 9.8 · AI score 8.6 · EPSS 0.06074
Exploits 0 · References 4
Mageia
added 2016/11/06 10:34 a.m. · 42 views

Updated python-django packages fix security vulnerabilities

User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...

CVSS 9.8 · AI score 3.2 · EPSS 0.06074
Exploits 0 · References 3
Tenable Nessus
added 2016/11/02 12:0 a.m. · 37 views

Ubuntu 14.04 LTS / 16.04 LTS : Django vulnerabilities (USN-3115-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3115-1 advisory. Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could...

CVSS 9.8 · AI score 8.3 · EPSS 0.06074
Exploits 0 · References 3