CVE-2020-8995

The CVE-2020-8995 entry concerns Programi Bilanc Build 007 Release 014 (dated 31.01.2020): a .exe contains hardcoded credentials to multiple servers, enabling remote attackers to access the website, update server, and external issue tracking tools. The root cause is embedded credentials in the ex...

CVE-2020-8995

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...

Bilanc Shpk Programi Bilanc Trust Management Issues Vulnerabilities

Bilanc Shpk Programi Bilanc is a software for generating balance sheets from Bilanc Shpk, Alphania. A security vulnerability exists in Bilanc Shpk Programi Bilanc version 007014 31.01.2020, which stems from the Programi Bilanc Build providing an .exe file with several hardcoded credentials allowi...

SolarWinds N-Central Trust Management Issue Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

Hardcoded credentials

AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection...

Hardcoded credentials

An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named email protected and email protected. These allow logins to the N-Central Administrative Console NAC and/or the regular web interface...

Hardcoded credentials

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key specific to V1600D4L and V1600D-MINI is contained in the firmware images...

Hardcoded credentials

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key specific to V1600D, V1600G1, and V1600G2 is contained in the firmware images...

Hardcoded credentials

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged non-admin attacker can use a hardcoded password 4ef9cea10b2362f15ba4558b1d5c081f to create an admin user...

Hardcoded credentials

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

CVE-2020-28329

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

Hardcoded credentials

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

Hardcoded credentials

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...

Hardcoded credentials

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454...

Barco wePresent Hardcoded API Credentials

KL-001-2020-004 : Barco wePresent Hardcoded API Credentials Title: Barco wePresent Hardcoded API Credentials Advisory ID: KL-001-2020-004 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt 1. Vulnerability Details Affected Vendor: Barco...

Hardcoded credentials

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

Adtec Digital Products Hardcoded Credentials / Remote Root

Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...

Hardcoded credentials

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validatetoken.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...

Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root

Summary Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Description The devices utilizes hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in...

Hardcoded credentials

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...