3032 matches found
Hardcoded credentials
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text...
Siemens SIMATIC HMI Panels and TIA Portal <= v15.1 Update 1 Hardcoded Credentials (ICSA-19-134-09)
Hardcoded credentials
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed styling the directory name in the header bar when using basic HTML...
Hardcoded credentials
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/boardformupdate.php bomobilecontenttail parameter...
Hardcoded credentials
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/boardformupdate.php bocontenthead parameter...
Hardcoded credentials
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/boardformupdate.php bosubject parameter...
CVE-2019-12327
Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed...
CVE-2019-12327
Summary: CVE-2019-12327 affects Akuvox R50P VoIP phone (version 50.0.6.156). The issue arises from hardcoded credentials, enabling an attacker to access the device via telnet on port 2323. The telnet service cannot be turned off and credentials cannot be changed, per the provided sources. Affecte...
Hardcoded credentials
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". A low privileged local process can connect to this port and send an LPCDATAGRAM, which triggers an Access Violation due to hardcoded NULLs used fo...
Hardcoded credentials
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...
Hardcoded credentials
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...
Hardcoded credentials
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...
CVE-2019-3950
Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to...
CVE-2019-3950
CVE-2019-3950 affects Arlo Base Station firmware 1.12.0.1_27940 and prior, enabling root access via a hardcoded username/password when the onboard serial interface is available. The UART weakness is reinforced by a hardcoded encryption key, and a second issue (CVE-2019-3950) involves a networking...
Hardcoded credentials
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...
Hardcoded credentials
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote...
CVE-2017-8226
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using the binwalk tool, one obtains a...