CVE-2018-0663

Multiple I-O DATA network camera products TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via...

CVE-2018-0663

CVE-2018-0663 affects several I-O DATA network cameras: TS-WRLP (firmware ≤ 1.09.04), TS-WRLA (≤ 1.09.04), and TS-WRLP/E (≤ 1.09.04). The issue is use of hardcoded credentials, which may let a remote authenticated attacker execute arbitrary OS commands on the device via an unspecified vector. Aff...

Hardcoded credentials

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by...

PLANEX CS-W50HD Hardcoded Credentials Vulnerability (HTTP)

PLANEX CS-W50HD network camera are using hardcoded credentials for the HTTP login. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Hardcoded credentials

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...

Hardcoded credentials

A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...

Hardcoded credentials

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by...

Hardcoded credentials

Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2017-12577

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...

Hardcoded credentials

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...

CVE-2017-12574

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...

CVE-2017-12577

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...

Hardcoded credentials

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients...

CVE-2018-15808

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients...

CVE-2018-15808

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients...

CVE-2018-15808

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients...

Hardcoded credentials

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism...

Hardcoded credentials

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to...

Hardcoded credentials

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...

Hardcoded credentials

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...