Hardcoded credentials

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

Hardcoded credentials

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...

CVE-2019-3906

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...

CVE-2019-3906

CVE-2019-3906 affects IDenticard PremiSys (Identicard) Identicard 3.1.190. The root cause is use of hard-coded credentials in the PremiSys WCF service (port 9003), enabling an authenticated remote attacker to access/modify the badge system database with admin privileges. Mitigation per ICS-CERT U...

PT-2019-16761 · Premisys · Premisys Identicard

Name of the Vulnerable Software and Affected Versions: Premisys Identicard version 3.1.190 Description: The issue concerns hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can exploit these credentials to access and modify the badge system database...

Juniper ATP has an unspecified vulnerability (CNVD-2019-39195)

Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. A security vulnerability exists in Juniper ATP version 5.0.3 prior to version 5.0, whi...

Hardcoded credentials

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3...

Hardcoded credentials

Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...

Hardcoded credentials

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2 V3....

Hardcoded credentials

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands...

Hardcoded credentials

JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

Hardcoded credentials

Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page...

Hardcoded credentials

Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...

Hardcoded credentials

Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...

Guardzilla IoT Camera Hardcoded Credentials Vulnerability

The Guardzilla All-In-One Video Security System is an in-home security platform that provides indoor video surveillance. A hard-coded credential vulnerability exists in Guardzilla IoT cameras. The vulnerability exists in the Amazon Simple Storage Service S3 credentials within the Guardzilla...

Hardcoded credentials

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

Hardcoded credentials

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12v1 and earlier, which could enable an attacker to gain access to the device...