3032 matches found
Hardcoded credentials
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor...
Intelbras NCLOUD 300 1.0 Authentication Bypass
coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - [email protected] Vendor Homepage: http://www.intelbras.com.br/ Software Link: http://www.intelbras.com.br/empresarial/wi-fi/para-sua-casa/roteadores/ncloud Version: 1.0 Test...
Intelbras NCLOUD 300 1.0 - Authentication bypass Exploit
Exploit for hardware platform in category web applications coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - email protected Vendor Homepage: http://www.intelbras.com.br/ Software Link:...
Intelbras NCLOUD 300 1.0 - Authentication bypass
coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - [email protected] Vendor Homepage: http://www.intelbras.com.br/ Software Link: http://www.intelbras.com.br/empresarial/wi-fi/para-sua-casa/roteadores/ncloud Version: 1.0 Test...
Hardcoded credentials
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...
Hardcoded credentials
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
Multiple vulnerabilities in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application Discovered by Pedro Ribeiro [email protected], Agile Information Security http://www.agileinfosec.co.uk/ Disclosure: 04/08/2016 / Last updated: 05/08/2016 Background on the affected...
Hardcoded credentials
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...
Use of hardcoded credentials for communication between Meru access points and FortiWLC
FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write privileges over various parts of the system. Starting with FortiWLC 7.0.13 and FortiWLC 8.4.0, the accounts are now completely removed and do not persist over firmwar...
WatchGuard AP100, AP102 and AP200 Hardcoded Credentials Vulnerability
The WatchGuard AP100, AP102 and AP200 are all different series of indoor wireless access point devices from WatchGuard USA. A security vulnerability exists in the WatchGuard AP100, AP102, and AP200 using firmware versions prior to 1.2.9.15 that stems from the program's use of hard-coded...
Hardcoded credentials
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...
CVE-2018-10575
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...
CVE-2018-10575
WatchGuard AP100/ AP102/ AP200 devices with firmware before 1.2.9.15 contain hard-coded credentials for an unprivileged SSH account with a /bin/false shell, enabling pre-auth remote access and potential remote code execution. Public exploit modules (Metasploit-related) reference CVE-2018-10575, a...
CVE-2018-10575
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...
Hardcoded credentials
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevate...
Hardcoded credentials
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream...
Hardcoded credentials
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...
Hardcoded credentials
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...
Hardcoded credentials
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...
Hardcoded credentials
Target influence via framing vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames...