Hardcoded credentials
A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF, either locally, or...
CVE-2020-1614
CVE-2020-1614 : A hard-coded credentials vulnerability affects the Juniper Networks NFX250 Series vSRX VNF. It targets the vSRX VNF instance on versions prior to 19.2R1 and occurs when the root password has not been configured, allowing an attacker with access to an administrative service (e.g., ...
CVE-2019-13559
CVE-2019-13559 affects GE Mark VIe Controllers, where hard-coded credentials may allow root-user access if a device is deployed with default credentials. The ICSA advisory confirms two vulnerabilities: Improper Authorization and Use of Hard-coded Credentials, indicating local access c...
CVE-2019-13559
GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go int...
Security Bulletin: Authentication Bypass, Arbitrary Directory Deletion, and Command Injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4208, CVE-2020-4214, CVE-2020-4206, CVE-2020-4241, CVE-2020-4242)
Summary IBM Spectrum Protect Plus is vulnerable to authentication bypass, arbitrary directory deletion, and command injection which allows a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4208 DESCRIPTION: IBM Spectrum Protect Plus contains hard-cod...
IBM Spectrum Protect Plus Authentication Bypass Vulnerability
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...
CVE-2020-4208
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975...
CVE-2020-4208
CVE-2020-4208 affects IBM Spectrum Protect Plus 10.1.0–10.1.5, where hard-coded credentials are used for inbound authentication, outbound communication, or internal data encryption. The root cause is hard-coded credentials in the product, leading to exposure of authentication and potential unauth...
The vulnerability of the CommandLineService component of the Foglight Evolve platform, which stems from the use of hard-coded user credentials “__service__ user”, allows attackers to execute arbitrary code.
The vulnerability of the CommandLineService component of the Foglight Evolve platform is related to the use of hard-coded user credentials “service user”. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems
Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo...
RICOH SP C250DN Trust Management Issues Vulnerability
The RICOH SP C250DN is a printer from the Japanese company Ricoh (RICOH). A security vulnerability exists in the Ricoh SP C250DN version 1.05, which originates from the presence of hard-coded FTP service credentials in the printer firmware. The vulnerability can be exploited by an attacker to acces...
Quest Foglight Evolve CommandLineService Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for this...
Unspecified Vulnerability in IBM Security Information Queue
IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue (ISIQ) that stems from the program's use ...
Moxa AWK-3131A Series Industrial AP/Bridge/Client
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level is needed to exploit/public exploits are available Vendor: Moxa Equipment: Moxa AWK-3131A Vulnerabilities: Improper Access Control, Use of Hard-coded Cryptographic Key, OS Command Injection, Use of Hard-coded...
CVE-2020-4283
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 1762...
CVE-2020-4283
CVE-2020-4283 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The IBM bulletin confirms a hard-coded credential issue: the JWT secret is stored in plain text in a YAML file (as of v1.0.5, an encrypted JWT secret is generated during configuration). The vulnerability enables aut...