CVE-2016-9353

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use...

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

CVE-2016-8567

CVE-2016-8567 affects Siemens SICAM PAS prior to version 8.00. A factory account with hard-coded passwords could allow attackers to gain privileged access to the SICAM PAS database via port 2638/TCP. The vulnerability is rated high/critical (CVSS v3 base 9.8) with remote exploitation potential. S...

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

CVE-2016-5818

CVE-2016-5818 affects Schneider Electric PowerLogic PM8ECC module up to version 2.651. The vulnerability arises from undocumented hard-coded credentials that grant access to the device, enabling remote access to configuration data. Public advisories note a remote-exploit possibility; no widely kn...

CVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

BINOM3 Electric Power Quality Meter Hard-Coded Vulnerability

BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. A hard-coded vulnerability exists in BINOM3 Electric Power Quality Meter, where users do not have permission to change their passwords...

CVE-2016-8954

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...

Hardcoded credentials

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...

CVE-2016-8954

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...

CVE-2016-8954

IBM dashDB Local (v1.0.0–v1.3.1) is affected by CVE-2016-8954 due to hard-coded credentials that could allow a remote attacker to access the Docker container or the database. The IBM security bulletin confirms a high-severity flaw (CVSS v3 base 9.8) with remote, unauthenticated access leading to ...

[SECURITY] [DLA 795-1] hesiod security update

Package : hesiod Version : 3.0.2-21+deb7u1 CVE IDs : CVE-2016-10151 CVE-2016-10152 Debian Bugs : 852094, 852093 It was discovered that there were two vulnerabilities in hesiod, Project Athenas DNS-based directory service: CVE-2016-10151: A weak SUID check allowing privilege elevation...

IBM dashDB Local Hardcoding Vulnerability

IBM dashDB Local is a next-generation data warehouse storage and analytics solution from IBM USA for use in private clouds, virtual private clouds, and other container-enabled infrastructures. The solution features flexible container delivery, hybrid environment to store data, Spark in-memory bas...

D-Link DGS-1100 Switch Local Hardcoded SSL Certificate Vulnerability

The D-Link DGS-1100 is an Ethernet switch from AUO D-Link. A security vulnerability exists in D-Link DGS-1100 devices using firmware version 1.01.018, which originates from a program using a hard-coded SSL private key. An attacker can exploit the vulnerability by hijacking an HTTPS session to...

FTC: D-Link Failed to Secure Routers, IP Cameras

The Federal Trade Commission acknowledged on Thursday that it takes the security of the so-called internet of things seriously when it leveraged a complaint against one of the more popular router manufacturers. The lawsuit, filed at the U.S. District Court for the Northern District of California,...

Zend Framework / zend-mail < 2.4.11 - Remote Code Execution

09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'; // encoded phpinfo...