
3027 matches found

NVD
added 2010/08/05 1:22 p.m., 16 views

CVE-2010-2966

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session...

7.8 CVSS, 6.6 AI score, 0.01535 EPSS
Exploits 1, References 2
Prion
added 2010/08/05 1:22 p.m., 14 views

Hardcoded credentials

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session...

7.8 CVSS, 7.1 AI score, 0.01535 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2010/08/04 9:0 p.m., 40 views

CVE-2010-2966

The CVE-2010-2966 issue affects Wind River VxWorks 6.x, 5.x, and earlier where INCLUDE_SECURITY uses LOGIN_USER_NAME and LOGIN_USER_PASSWORD (LOGIN_PASSWORD) to create hardcoded credentials. This enables remote authentication for (1) telnet, (2) rlogin, or (3) FTP sessions. Root cause is hardcode...

7.8 CVSS, 6.8 AI score, 0.01535 EPSS
Exploits 1, References 2, Affected Software 1
Prion
added 2010/06/16 8:30 p.m., 15 views

Hardcoded credentials

authdbconfig.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server...

5 CVSS, 7.2 AI score, 0.01812 EPSS
Exploits 0, References 4, Affected Software 1
securityvulns
added 2010/06/15 12:0 a.m., 1125 views

IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell. Advisory Information: Published: 2010-06-08; Updated: 2010-06-08; Manufacturer: Linksys; Model: WAP54G; Hardware version: v3.x; Firmware version: ver.3.05.03 Europe ver.3.04.03. Vulnerability Details...

0.9 AI score
Exploits 0
Prion
added 2010/06/11 6:0 p.m., 21 views

Hardcoded credentials

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via...

9.3 CVSS, 7.8 AI score, 0.06698 EPSS
Exploits 0, References 16, Affected Software 1
Prion
added 2010/06/11 6:0 p.m., 17 views

Hardcoded credentials

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API...

9.3 CVSS, 7.8 AI score, 0.06691 EPSS
Exploits 0, References 24, Affected Software 1
Prion
added 2010/06/11 6:0 p.m., 22 views

Hardcoded credentials

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML docume...

4.3 CVSS, 6.2 AI score, 0.03007 EPSS
Exploits 0, References 25, Affected Software 1
Prion
added 2010/06/10 12:30 a.m., 17 views

Hardcoded credentials

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi...

10 CVSS, 8.5 AI score, 0.20792 EPSS
Exploits 1, References 7, Affected Software 1
CVE
added 2010/06/10 12:0 a.m., 49 views

CVE-2010-1573

Linksys WAP54Gv3 firmware versions 3.04.03 and earlier are affected by hard-coded credentials (Gemtek / gemtekswd) on a debug interface for specific web pages. This enables remote attackers to execute arbitrary commands via data1, data2, or data3 parameters to Debug_command_page.asp and debug.cgi...

10 CVSS, 9.8 AI score, 0.20792 EPSS
Exploits 1, References 7, Affected Software 1
Packet Storm
added 2010/06/09 12:0 a.m., 36 views

Linksys WAP54Gv3 Remote Debug Root Shell

Security Advisory IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell. Advisory Information: Published: 2010-06-08; Updated: 2010-06-08; Manufacturer: Linksys; Model: WAP54G; Hardware version: v3.x; Firmware version: ver.3.05.03 Europe ver.3.04.03. Vulnerability Details...

Exploits 0
Prion
added 2010/06/07 5:12 p.m., 17 views

Hardcoded credentials

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...

4.4 CVSS, 7.1 AI score, 0.0028 EPSS
Exploits 0, References 18, Affected Software 1
Prion
added 2010/05/20 5:30 p.m., 12 views

Hardcoded credentials

Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRA...

5 CVSS, 7 AI score, 0.0205 EPSS
Exploits 1, References 3, Affected Software 1
Prion
added 2010/05/20 5:30 p.m., 24 views

Hardcoded credentials

Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAM...

5 CVSS, 6.9 AI score, 0.10537 EPSS
Exploits 1, References 2, Affected Software 2
Prion
added 2010/05/20 5:30 p.m., 20 views

Hardcoded credentials

Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements...

5 CVSS, 6.8 AI score, 0.0114 EPSS
Exploits 1, References 3, Affected Software 1
Prion
added 2010/04/27 3:30 p.m., 20 views

Hardcoded credentials

The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir a...

4.9 CVSS, 6.2 AI score, 0.0084 EPSS
Exploits 16, References 5, Affected Software 1
Prion
added 2010/04/21 2:30 p.m., 12 views

Hardcoded credentials

TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection...

7.2 CVSS, 7 AI score, 0.00753 EPSS
Exploits 1, References 3, Affected Software 1
Prion
added 2010/04/05 5:30 p.m., 15 views

Hardcoded credentials

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an...

4.3 CVSS, 6.6 AI score, 0.02219 EPSS
Exploits 1, References 13, Affected Software 2
Prion
added 2010/03/27 7:7 p.m., 13 views

Hardcoded credentials

JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the substring...

4.3 CVSS, 6.5 AI score, 0.03806 EPSS
Exploits 1, References 2, Affected Software 1
Prion
added 2010/03/15 1:28 p.m., 20 views

Hardcoded credentials

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document...

9.3 CVSS, 7.4 AI score, 0.04403 EPSS
Exploits 0, References 5, Affected Software 1