Lucene search

3044 matches found

Prion
added 2012/07/18 10:26 a.m. | 19 views

Hardcoded credentials

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls...

CVSS 6.8 | AI score 6.9 | EPSS 0.0232
Exploits 0 | References 24 | Affected Software 5

Prion
added 2012/06/04 8:55 p.m. | 67 views

Hardcoded credentials

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison...

CVSS 6.8 | AI score 8 | EPSS 0.04281
Exploits 0 | References 21 | Affected Software 1

Prion
added 2012/06/04 8:55 p.m. | 24 views

Hardcoded credentials

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header...

CVSS 6.8 | AI score 8 | EPSS 0.04378
Exploits 0 | References 21 | Affected Software 1

NVD
added 2012/05/22 3:55 p.m. | 18 views

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...

CVSS 2.6 | AI score 6.3 | EPSS 0.01412
Exploits 0 | References 5

Prion
added 2012/05/22 3:55 p.m. | 16 views

Hardcoded credentials

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...

CVSS 2.6 | AI score 6.8 | EPSS 0.01412
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2012/05/22 3:0 p.m. | 24 views

CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session...

AI score 6.3 | EPSS 0.01412
Exploits 0 | References 5

CVE
added 2012/05/22 3:0 p.m. | 53 views

CVE-2012-2567

The CVE-2012-2567 entry refers to Xelex MobileTrack for Android (2.3.7 and earlier) that uses hardcoded credentials and transmits data over an insecure FTP/HTTP session, exposing potentially sensitive user data. Root cause: information exposure due to non-secure authentication/storage configurati...

CVSS 2.6 | AI score 6.5 | EPSS 0.01412
Exploits 0 | References 5 | Affected Software 1

Prion
added 2012/04/16 4:55 p.m. | 18 views

Hardcoded credentials

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby ASR before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document...

CVSS 7.5 | AI score 7.7 | EPSS 0.01688
Exploits 1 | References 6 | Affected Software 1

Prion
added 2012/03/20 3:55 p.m. | 16 views

Hardcoded credentials

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

CVSS 9.3 | AI score 7.1 | EPSS 0.02074
Exploits 0 | References 5 | Affected Software 1

NVD
added 2012/03/20 3:55 p.m. | 20 views

CVE-2012-0402

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

CVSS 9.3 | AI score 6.6 | EPSS 0.02074
Exploits 0 | References 5

CVE
added 2012/03/20 3:0 p.m. | 53 views

CVE-2012-0402

CVE-2012-0402 affects EMC RSA enVision 4.x prior to 4.1 Patch 4, which uses unspecified hardcoded credentials that could allow a remote attacker to gain access via unknown vectors. The vulnerability is within RSA enVision’s authentication surface, with a CVSS Base Score of 9.3 (High) per NVD. Aff...

CVSS 9.3 | AI score 6.8 | EPSS 0.02074
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2012/03/20 3:0 p.m. | 22 views

CVE-2012-0402

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

AI score 6.6 | EPSS 0.02074
Exploits 0 | References 5

securityvulns
added 2012/03/20 12:0 a.m. | 64 views

ESA-2012-014: RSA enVision Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC Identifier:ESA-2012-014 CVE Identifiers: CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403 Severity Rating: CVSS Base Score: See below for scores for individual...

CVSS 9.3 | AI score 0.6 | EPSS 0.02074
Exploits 0

Prion
added 2012/03/16 8:55 p.m. | 12 views

Hardcoded credentials

The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...

CVSS 4 | AI score 6.2 | EPSS 0.01209
Exploits 0 | References 6 | Affected Software 1

NVD
added 2012/02/23 12:33 p.m. | 11 views

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

CVSS 10 | AI score 6.7 | EPSS 0.03251
Exploits 0 | References 1

CVE
added 2012/02/23 11:0 a.m. | 46 views

CVE-2012-1288

The CVE refers to UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock devices that use hardcoded administrative credentials. The underlying issue is a hardcoded admin user/password that can be used to access the device via its web interface, enabling remote attackers to obtain access and potenti...

CVSS 10 | AI score 6.9 | EPSS 0.03251
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2012/02/23 11:0 a.m. | 18 views

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

AI score 6.7 | EPSS 0.03251
Exploits 0 | References 1

Prion
added 2012/01/18 8:55 p.m. | 15 views

Hardcoded credentials

Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document...

CVSS 9.3 | AI score 7.8 | EPSS 0.04497
Exploits 0 | References 3 | Affected Software 1

Prion
added 2012/01/14 9:55 p.m. | 24 views

Hardcoded credentials

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...

CVSS 4.3 | AI score 6.7 | EPSS 0.0854
Exploits 0 | References 22 | Affected Software 1

Prion
added 2011/12/17 11:55 a.m. | 15 views

Hardcoded credentials

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUTCSE, (3) fdrusers, (4)...

CVSS 10 | AI score 7 | EPSS 0.0404
Exploits 1 | References 7 | Affected Software 21