PT-2018-16943 · Auto Maskin +3 · Auto-Maskin Dcu-210E +3

Name of the Vulnerable Software and Affected Versions: Auto-Maskin DCU-210E RP-210E versions prior to 3.7 on ARMv7 Description: The firmware of the Auto-Maskin DCU 210E contains an undocumented Dropbear SSH server, version 2015.55, which listens on Port 22. This server is configured with a...

Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

Overview Auto-Maskin RP remote panels and DCU controls units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines. Description CWE 798: ​Use of Hard-Coded...

CVE-2018-15389 Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...

CVE-2018-15389 Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...

CVE-2018-15389

Cisco Prime Collaboration Provisioning (PCP) contains a vulnerability in its install function that allows an unauthenticated, remote attacker to reach the administrative web interface by using a default hard-coded username/password used during install. This can grant administrator-level access. M...

Security Bulletin: IBM Security Key Lifecycle Manager Uses Hard-coded Credentials (CVE-2018-1742)

Summary IBMSecurity Key Lifecycle Manager contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Vulnerability Details CVEID: CVE-2018-1742...

Multiple vulnerabilities in Denbun

Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...

JVN#00344155: Multiple vulnerabilities in Denbun

Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability

A vulnerability in the install function of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install. The vulnerability is due to a hard-coded...

CVE-2018-15753

An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password...

Security Bulletin: IBM Data Science Experience Local is affected by a Use of Hard-coded Password vulnerability

Summary IBM Data Science Experience Local has addressed the following vulnerability. Password for Data Science Experience Local Hadoop Integration server certificate private key is hard-coded. Vulnerability Details CVEID: Not Applicable DESCRIPTION: No CVE description. CVSS Base Score: 7.5 CVSS...

CVE-2018-15753

An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password...

CVE-2018-15753

The CVE-2018-15753 entry concerns MensaMax Android app (com.breustedt.mensamax) version 4.3. The issue is a hard-coded DES cryptographic key embedded in the app, which allows an attacker who decompiles the APK to decrypt transmitted data (e.g., login username and password). Public references note...

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVE-2018-8856

This CVE affects Philips e-Alert Unit (non-medical device), Versions R2.1 and prior. The issue is the use of a hard-coded cryptographic key for internal data encryption (CWE-798), which enables high-severity impact. Per the connected docs, CVSS v3 base score is 9.8 (critical) with remote/network ...

Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection

Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Teste...

Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection

Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Tested on: Linux CVE: N/A About: Collectric CMU is a Swedish made...