CVE-2013-1603

Summary of CVE-2013-1603 and related D-Link IP Camera vulnerabilities (CVE‑2013‑1599, -1600, -1601, -1602, -1603): Core Security’s CORE-2013-0303 advisory documents OS command injection, several authentication issues, information leakage, and hard-coded credentials affecting D‑Link IP cameras (mo...

CVE-2020-6963

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execut...

CVE-2020-6963

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execut...

CVE-2020-6963

GE Healthcare GECARE/CSCS/CIC/ApexPro Telemetry Server and related components (ApexPro Telemetry Server 4.2 and prior; CARESCAPE Telemetry Server 4.2 and prior; CIC 4.X/5.X; CSCS 1.X, 2.X; B450/B650/B850 monitors) are affected by CVE-2020-6963 alongside a family of vulnerabilities (CVE-2020-6961/...

CVE-2019-16153

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials...

CVE-2019-16153

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials...

CVE-2019-16153

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials...

CVE-2019-16153

A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials...

CVE-2019-16153

Fortinet FortiSIEM is affected by CVE-2019-16153 due to a hard-coded credential vulnerability in the FortiSIEM database component (versions 5.2.5 and below). An attacker could gain unauthorized access to the device database via static credentials. Red Hat/Symantec and Fortinet advisories corrobor...

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption Exploit

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.neowise.com Product CarbonFTP v1.4 CarbonFTP is a...

CVE-2019-9493

The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain...

CVE-2019-9493

The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain...

CVE-2019-9493

The CVE-2019-9493 vulnerability affects AutoMobility’s MyCar Controls mobile apps, where hard-coded admin credentials in the app could let a remote, unauthenticated attacker issue commands to a target MyCar unit and extract data (potential location disclosure or vehicle access). Affected versions...

CVE-2019-9493 MyCar Controls uses hard-coded credentials

The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain...

FortiSIEM Database hard-coded Credentials

A hard-coded password vulnerability in the FortiSIEM database component may allow attackers to access the device database via the use of static credentials...

The vulnerability of Cisco RV320 and Cisco RV325 microprogrammed software lies in the presence of a hard-coded pair of open/closed key H.509 certificates and a static SSH host key, which allows an attacker to elevate their privileges.

The vulnerability of Cisco RV320 and Cisco RV325 router microprogramming software is related to the presence of a tightly encrypted pair of open/closed keys H.509 certificate and a static SSH host key. Exploiting this vulnerability allows an attacker operating remotely to enhance their privileges...

Cisco Data Center Network Manager SecurityManager Hard-coded Cryptographic Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validation of SSO tokens of SOAP packets. The issue results from th...

WEMS BEMS 21.3.1 - Undocumented Backdoor Account Vulnerability

Exploit for hardware platform in category web applications Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...