Hardcoded credentials

TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session...

D-Link IP cameras multiple security vulnerabilities

Code execution, authentication bypass, hardcoded credentials, information leakage...

Aastra IP Telephone Hardcoded Credentials (Telnet)

Aastra IP Telephone is using known hardcoded credentials. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Hardcoded credentials

1 contrib/gforge-3.0-cronjobs.patch, 2 cronjobs/homedirs.php, 3 deb-specific/fileforge.pl, 4 deb-specific/groupdumpupdate.pl, 5 deb-specific/sshdumpupdate.pl, 6 deb-specific/userdumpupdate.pl, 7 plugins/scmbzr/common/BzrPlugin.class.php, 8 plugins/scmcvs/common/CVSPlugin.class.php, 9...

Hardcoded credentials

360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session...

Hardcoded credentials

Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors...

Hardcoded credentials

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors...

Hardcoded credentials

Siemens RuggedCom Rugged Operating System ROS before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network...

Hardcoded credentials

Carlo Gavazzi EOS-Box with firmware before 1.0.0.10802.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862...

Hardcoded credentials

The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request...

Novell ZENworks Asset Management rtrlet Component GetFile_Password Method Hardcoded Credentials Information Disclosure

The remote host has a version of Novell ZENworks Asset Management that is affected by an arbitrary information disclosure vulnerability. The 'GetFilePassword' maintenance call in '/rtrlet/rtr' is protected by a set of known, hard-coded credentials. This maintenance call can be utilized by an...

Hardcoded credentials

The rtrlet web application in the Web Console in Novell ZENworks Asset Management ZAM 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the 1 GetFilePassword and 2 GetConfigInfoPassword operations, which allows remote attackers to obtain sensitive information via a...

Hardcoded credentials

The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a 1 symlink or 2 hard link, a different vulnerability than CVE-2012-3485...

Hardcoded credentials

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.120741313, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and...

Apache Tomcat Manager/Host Manager/Server Status Default/Hardcoded Credentials (HTTP)

The Apache Tomcat Manager/Host Manager/Server Status is using default or known hardcoded credentials. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Hardcoded credentials

The Linux firmware image on 1 Korenix Jetport 5600 series serial-device servers and 2 ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session...

Hardcoded credentials

hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...

Hardcoded credentials

The bdrvopen function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file...

Hardcoded credentials

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls...

Hardcoded credentials

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...