Hardcoded credentials

The default configuration of sshdconfig in Cisco Mobility Services Engine MSE through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501...

Hardcoded credentials

Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...

Hardcoded credentials

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations...

Hardcoded credentials

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...

Hardcoded credentials

kernelcrashdump in Apport before 2.19 allows local users to cause a denial of service disk consumption or possibly gain privileges via a 1 symlink or 2 hard link attack on /var/crash/vmcore.log...

ADH-Web IP Camera Access Bypass

Advisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions Date published: 2015-09-19 Date of last update: 2015-09-19 Vendors contacted: ADH-Web Author: Glaysson dos Santos Release mode: User release 2. Vulnerability Information Class: Information Exposure CWE-200 Impact:...

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password...

Hardcoded credentials

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password...

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password...

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are affected versions prior to 3.1.5, which contain hard-coded credentials for a hidden support account. This enables remote attackers to obtain administrative access and potentially execute arbitrary code. Public advisories (ZDI-15-440; ...

Hardcoded credentials

The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site...

Hardcoded credentials

The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL...

ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass

Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded credentials, SQL query protection bypass Credit: xistence...

Silver Peak VXOA 6.2.11 - Multiple Vulnerabilities

Silver Peak VXOA 6.2.11 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Silver Peak VXOA Multiple Vulnerabilities Affected versions: Silver Peak VX 6.2.11 PDF:...

Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain...

Silver Peak VXOA &lt; 6.2.11 - Multiple Vulnerabilities

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Silver Peak VXOA Multiple Vulnerabilities Affected versions: Silver Peak VX 6.2.11 PDF:...

Hardcoded credentials

Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data...

[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials

ERPSCAN Research Advisory ERPSCAN-15-015 SAP NetWeaver AS ABAP– Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date ...

SAP NetWeaver hardcoded credentials

No description provided...

[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

ERPSCAN Research Advisory ERPSCAN-15-016 SAP NetWeaver – Hardcoded credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response: 07.03.2014 Date of Publ...