CVE-2018-11635

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

Authentication flaw

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

CVE-2018-11641

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service...

CVE-2018-11641

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service...

CVE-2018-11635

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

CVE-2018-11641

The vulnerability CVE-2018-11641 affects Dialogic PowerMedia XMS (administrative console) where the file /var/www/xms/application/controllers/gatherLogs.php uses hard-coded credentials. This allows remote attackers to interact with the web service in PowerMedia XMS 3.5 and earlier. Root cause is ...

CVE-2018-11641

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service...

CVE-2018-8870

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system...

CVE-2018-8870

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system...

CVE-2018-8870 Medtronic MyCareLink Patient Monitor Use of Hard-coded Password

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system...

CVE-2018-8870

CVE-2018-8870 affects Medtronic MyCareLink Monitors (models 24950 and 24952). The vulnerability is a hard-coded operating system password, enabling a physically proximate attacker who can open the device and connect via a debug port to gain privileged OS access. The ICS-CERT advisory corroborates...

Medtronic MyCareLink Patient Monitor

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Medtronic Equipment: MyCareLink Patient Monitor Vulnerabilities: Use of Hard-coded Password, Exposed Dangerous Method or Function 2. RISK EVALUATION If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system. However,...

HPE VAN SDN 2.7.18.0503 - Remote Root

''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...

HPE VAN SDN 2.7.18.0503 - Remote Root

HPE VAN SDN 2.7.18.0503 - Remote Root ''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...

HPE VAN SDN 2.7.18.0503 - Unauthenticated Remote Root Exploit

Exploit for linux platform in category web applications ''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.2...

HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root

KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt 1. Vulnerability Details...

Unspecified Vulnerability in Momentum Axel 720P

The Momentum Axel 720P is a dual-band HD camera that supports WiFi connectivity. A security vulnerability exists in the Momentum Axel 720P that stems from the use of hard-coded passwords for the root and admin accounts: EHLGVG. An attacker in close physical proximity could exploit this...

Security Bulletin: Potential hard-coded password vulnerability affects Rational Publishing Engine

Summary An undisclosed hard-coded password vulnerability affects Rational Publishing Engine. Vulnerability Details CVE ID: CVE-2017-1787 DESCRIPTION: IBM Publishing Engine contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user...

Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880)

Summary An IBM QRadar SIEM user with shell access could obtain the encryption key used to encrypt certain passwords. Vulnerability Details CVEID: CVE-2016-2880 DESCRIPTION: IBM QRadar stores the encryption key used to encrypt the service account password which can be obtained by a local user. CVS...

Security Bulletin: Use of Hard-coded Cryptographic Key vulenrability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0235)

Summary IBM Security Guardium Database Activity Monitor uses a hard-coded password for the which is available to the administrator or a user with root access. This password could be used across other GRUB systems. Vulnerability Details CVEID: CVE-2016-0235 DESCRIPTION: IBM Security Guardium...