Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage - Lenovo Support NL

No description provided...

Access Control Error Vulnerability in Multiple TP-LINK Products

TP-LINK IPC TL-IPC223P-6 and so on are all different models of network camera products from China P&L TP-LINK. An access control error vulnerability exists in the /usr/lib/lua/luci/websys.lua file in several TP-LINK products, which stems from the program's use of hard-coded passwords, which could...

Yokogawa STARDOM Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: STARDOM Controllers --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials,...

PT-2018-45: Hard-coded Credentials in EVLink Parking

The specialists of the Positive Research center have detected an Hard-coded Credentials vulnerability in the EVLink Parking product. A hard-coded credentials vulnerability in Schneider Electric’s EVLink Parking allows attackers to obtain unauthorized access to the device. How to fix Use vendor's...

Trend Micro Email Encryption Gateway Authentication Vulnerability

Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway TMEEG is one of the gateway products that provides data protection. A security vulnerability exists in the DBCrypto class in Trend Micro TMEEG versi...

D-Link DIR-620 Router Information Disclosure Vulnerability

D-link DIR-620 is a wireless router product of AUO D-Link. web server is one of the web servers. A security vulnerability exists in the web server of the D-Link DIR-620, which originates from the use of a hard-coded password for the admin account. An attacker can exploit this vulnerability to...

mySCADA myPRO File Upload Vulnerability

mySCADA myPRO is an industrial visualization control system from mySCADA Technologies, Czech Republic. A security vulnerability exists in the file 'myscadagate.exe' in mySCADA myPRO version 7, which originates from the program's use of a hard-coded FTP account username: myscada, password: Vikuk63...

mySCADA myPRO 7 - Hard-Coded Credentials Vulnerability

Exploit for multiple platform in category remote exploits Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.myscada.org/mypro/ Software Link: https://www.myscada.org/download/ Version: v7 Tested on: Linux, Windows I. Probl...

[SECURITY] Fedora 28 Update: matrix-synapse-0.28.1-1.fc28

Matrix is an ambitious new ecosystem for open federated Instant Messaging a nd VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is inten ded to showcase the concept of Matrix and let folks see the spec i...

CVE-2016-9335

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed...

TP-Link EAP Controller and Omada Controller Hardcoding Vulnerability

TP-Link EAP Controller and Omada Controller are both software from China P&L TP-LINK for remote control of wireless AP access point devices. A security vulnerability exists in the Web application backup file in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows,...

Directus Elevation of Privilege Vulnerability

Directus is a content management system CMS. A security vulnerability exists in Directus version 6.4.9 that stems from the use of a hard-coded password: admin for the Admin account, which can be exploited by an attacker to elevate privileges...

Fortinet FortiWLC Hard-Coded Account Vulnerability

FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in Fortinet FortiWLC 8.3.3. An attacker can exploit this vulnerability to gain unauthorized read/write access via a remote shell...

TP-Link EAP Controller CSRF / Hard-Coded Key / XSS

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...

Philips Brilliance CT Scanners Hard-Coded Certificate Vulnerability

The Philips Brilliance 64, among others, is a CT scanner device from the Dutch company Philips. A security vulnerability exists in a number of Philips Brilliance CT devices that stems from software in the device that uses hard-coded credentials e.g., passwords or encryption keys. An attacker coul...

CVE-2018-10167

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...

CVE-2018-10167

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...

CVE-2018-10167

TP-Link EAP Controller and Omada Controller (Windows) versions 2.5.4_Windows and 2.6.0_Windows are affected by CVE-2018-10167 due to a hard-coded cryptographic key used to encrypt the web app backup file. A low-privilege user can decrypt and modify the backup to escalate privileges, including cre...

CVE-2018-10167

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...

Philips Brilliance Computed Tomography (CT) System (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Philips --------- Begin Update A Part 1 of 3 ---------- Equipment: Brilliance CT Scanners and MX8000 Dual EXP --------- End Update A Part 1 of 3 ---------- Vulnerabilities: Execution with Unnecessary Privileges,...