8064 matches found
PT-2019-16763 · Premisys · Premisys Identicard
Name of the Vulnerable Software and Affected Versions: Premisys Identicard version 3.1.190 Description: The issue concerns the storage of backup files as encrypted zip files with a hard-coded and unchangeable password. This allows an attacker with access to these backups to decrypt them and obtai...
CVE-2019-0020
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...
CVE-2019-0022
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...
CVE-2019-0020
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...
CVE-2019-0022
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...
CVE-2019-0020 Juniper ATP: Hard coded credentials used in Web Collector
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...
CVE-2019-0022
CVE-2019-0022 describes a vulnerability in Juniper ATP where the Cyphort Core instance ships with hard-coded credentials , enabling an attacker to gain full control of an affected installation. The impact affects Juniper ATP 5.0 releases prior to 5.0.3, with a network-accessible vector and high s...
CVE-2019-0020
The CVE-2019-0020 entry concerns Juniper ATP: hard-coded credentials in the Web Collector component, enabling an attacker to gain full control of affected installations. Affected releases are Juniper ATP 5.0 versions prior to 5.0.3. The root cause is the presence of hard-coded credentials in the ...
CVE-2019-0022 Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software.
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerabilities: Improper Input Validation, Out-of-Bounds Read, Code Injection, Untrusted Pointer Dereference,...
Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality
Cisco VoIP phone such as models 88XX suffer from script insertion, weak and hard-coded passwords, undocumented debug functionality, and various outdated components with known vulnerabilities. ======================================================================= title: Multiple Vulnerabilities...
CVE-2018-16201
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands...
CVE-2018-16186
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....
CVE-2018-16186
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....
CVE-2018-16201
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands...
CVE-2018-16201
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands...
CVE-2018-16201
The CVE-2018-16201 issue affects Toshiba Home gateway models HEM-GW16A and HEM-GW26A (firmware 1.2.9 and earlier). It stems from hard-coded credentials, potentially allowing an attacker on the same network segment to log into the administrator settings screen and, from there, change configuration...
CVE-2018-16186
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....
CVE-2018-16186
CVE-2018-16186 concerns Ricoh Interactive Whiteboard devices and displays. The connected sources indicate hard-coded administrator credentials in multiple components: D2200, D5500, D5510 (V1.1–V2.2) and displays using Controller Type1 (V1.1–V2.2) attached to D5520, D6500, D6510, D7500, D8400, plu...
SSH Known Hard Coded Private Keys
The remote host is running a service that is using a publicly known SSH private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data in...