3032 matches found
Hardcoded credentials
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page...
Hardcoded credentials
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page...
Hardcoded credentials
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its...
Hardcoded credentials
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases...
Hardcoded credentials
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded BpP+2R9Q password in some case...
Hardcoded credentials
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. There is a hardcoded Ak47@99 password for the factory account...
Hardcoded credentials
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...
CVE-2018-10532
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...
Hardcoded credentials
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...
CVE-2018-10532
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...
CVE-2018-10532
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...
CVE-2018-10532
CVE-2018-10532 affects EE 4GEE HH70VB-2BE8GB3 devices running HH70_E1_02.00_19. The vulnerability stems from hardcoded root SSH credentials stored in the core_app binary, allowing an attacker who knows the default password (oelinux123) to log in as root via SSH. This can lead to loss of confident...
Hardcoded credentials
The server API in the Anda app relies on hardcoded credentials...
CVE-2018-13342
The server API in the Anda app relies on hardcoded credentials...
CVE-2018-13342
The server API in the Anda app relies on hardcoded credentials...
CVE-2018-13342
CVE-2018-13342: The Anda app’s server API is vulnerable due to hardcoded credentials in its authentication flow. According to NVD, the CVSS scores are 7.5 (2.0) and 9.8 (3.0), indicating a high/critical impact with network access, no authentication, and full compromise of confidentiality, integri...
Hardcoded credentials
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password...