Hardcoded credentials

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks...

Hardcoded credentials

Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings...

CVE-2020-8995

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...

CVE-2020-8995

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...

Hardcoded credentials

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...

CVE-2020-8995

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...

CVE-2020-8995

The CVE-2020-8995 entry concerns Programi Bilanc Build 007 Release 014 (dated 31.01.2020): a .exe contains hardcoded credentials to multiple servers, enabling remote attackers to access the website, update server, and external issue tracking tools. The root cause is embedded credentials in the ex...

Bilanc Shpk Programi Bilanc Trust Management Issues Vulnerabilities

Bilanc Shpk Programi Bilanc is a software for generating balance sheets from Bilanc Shpk, Alphania. A security vulnerability exists in Bilanc Shpk Programi Bilanc version 007014 31.01.2020, which stems from the Programi Bilanc Build providing an .exe file with several hardcoded credentials allowi...

SolarWinds N-Central Trust Management Issue Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

Hardcoded credentials

AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote attackers to defeat cryptographic protection...

Hardcoded credentials

An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named email protected and email protected. These allow logins to the N-Central Administrative Console NAC and/or the regular web interface...

Hardcoded credentials

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key specific to V1600D4L and V1600D-MINI is contained in the firmware images...

Hardcoded credentials

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key specific to V1600D, V1600G1, and V1600G2 is contained in the firmware images...

Hardcoded credentials

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged non-admin attacker can use a hardcoded password 4ef9cea10b2362f15ba4558b1d5c081f to create an admin user...

Hardcoded credentials

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

CVE-2020-28329

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

Hardcoded credentials

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

Hardcoded credentials

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Versions: 2.5.1.8. An attacker armed with hardcoded API credentials retrieved by exploiting CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listenin...

Hardcoded credentials

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454...

Barco wePresent Hardcoded API Credentials

KL-001-2020-004 : Barco wePresent Hardcoded API Credentials Title: Barco wePresent Hardcoded API Credentials Advisory ID: KL-001-2020-004 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-004.txt 1. Vulnerability Details Affected Vendor: Barco...