8064 matches found
Cisco Wide Area Application Services Software Static SNMP Credentials Vulnerability
Cisco Wide Area Application Services (WAAS) Software is a set of WAN link acceleration software from the US company Cisco. The software is mainly used in low-bandwidth, high-latency link environments. A security vulnerability in the default configuration of the Simple Network...
CVE-2018-10966
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret...
CVE-2018-11722
WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UCKEY' is hard coded...
Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage - Lenovo Support NL
No description provided...
Access Control Error Vulnerability in Multiple TP-LINK Products
TP-LINK IPC TL-IPC223P-6 and others are network camera models from the Chinese company TP-LINK. An access control error vulnerability exists in the /usr/lib/lua/luci/websys.lua file in several TP-LINK products, which stems from the program's use of hard-coded passwords, which could...
PT-2018-45: Hard-coded Credentials in EVLink Parking
The specialists of the Positive Research center have detected a Hard-coded Credentials vulnerability in the EVLink Parking product. A hard-coded credentials vulnerability in Schneider Electric’s EVLink Parking allows attackers to obtain unauthorized access to the device. How to fix: Use vendor's...
Yokogawa STARDOM Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: STARDOM Controllers --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials,...
Trend Micro Email Encryption Gateway Authentication Vulnerability
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. A security vulnerability exists in the DBCrypto class in Trend Micro TMEEG versi...
D-Link DIR-620 Router Information Disclosure Vulnerability
D-Link DIR-620 is a wireless router product from D-Link. The web server is one of its components. A security vulnerability exists in the web server of the D-Link DIR-620, which originates from the use of a hard-coded password for the admin account. An attacker can exploit this vulnerability to...
mySCADA myPRO File Upload Vulnerability
mySCADA myPRO is an industrial visualization control system from mySCADA Technologies, Czech Republic. A security vulnerability exists in the file 'myscadagate.exe' in mySCADA myPRO version 7, which originates from the program's use of a hard-coded FTP account username: myscada, password: Vikuk63...
mySCADA myPRO 7 - Hard-Coded Credentials Vulnerability
Exploit for multiple platform in category remote exploits Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.myscada.org/mypro/ Software Link: https://www.myscada.org/download/ Version: v7 Tested on: Linux, Windows I. Probl...
CVE-2016-9335
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed...
TP-Link EAP Controller and Omada Controller Hardcoding Vulnerability
TP-Link EAP Controller and Omada Controller are both software from the Chinese company TP-LINK for remote control of wireless access point (AP) devices. A security vulnerability exists in the Web application backup file in TP-Link EAP Controller and Omada Controller versions 2.5.4Windows and 2.6.0Windows,...
Directus Elevation of Privilege Vulnerability
Directus is a content management system (CMS). A security vulnerability exists in Directus version 6.4.9 that stems from the use of a hard-coded password: admin for the Admin account, which can be exploited by an attacker to elevate privileges...
Fortinet FortiWLC Hard-Coded Account Vulnerability
FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in Fortinet FortiWLC 8.3.3. An attacker can exploit this vulnerability to gain unauthorized read/write access via a remote shell...
Philips Brilliance CT Scanners Hard-Coded Certificate Vulnerability
The Philips Brilliance 64, among others, is a CT scanner device from the Dutch company Philips. A security vulnerability exists in a number of Philips Brilliance CT devices that stems from software in the device that uses hard-coded credentials (e.g., passwords or encryption keys). An attacker coul...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in...