3038 matches found

Prion
added 2019/09/03 12:15 p.m. | 13 views

Hardcoded credentials

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...

CVSS 6.5 | AI score 8.8 | EPSS 0.02071
Exploits: 2 | References: 3 | Affected Software: 1

Packet Storm
added 2019/08/30 12:0 a.m. | 807 views

Zyxel NWA/NAP/WAC Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Hardcoded FTP Credentials product: Zyxel NWA/NAP/WAC wireless access point series vulnerable version: see "Vulnerable / tested version" fixed version: see "Solution" CVE...

Exploits: 0

Prion
added 2019/08/26 6:15 p.m. | 19 views

Hardcoded credentials

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

CVSS 5 | AI score 7.5 | EPSS 0.01411
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2019/08/26 12:0 a.m. | 203 views

ProGrade/Lierda Grill Temperature 1.00_50006 Hardcoded Credentials

Author: Tim Tepatti Website: tepatti.com Title: Hard-coded credentials on ProGrade/Lierda Grill Temperature Monitor CVE-2019-15304 Product: Grill Temperature Monitor Manufacturer: ProGrade / Lierda Affected Versions: V1.00_50006 Tested Versions: V1.00_50006 Vulnerability Type: Use of hard-coded...

AI score 9.4 | EPSS 0.03376
Exploits: 1

Prion
added 2019/08/22 8:15 p.m. | 10 views

Hardcoded credentials

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...

CVSS 5 | AI score 7.4 | EPSS 0.01679
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/08/22 1:15 p.m. | 14 views

Hardcoded credentials

The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text...

CVSS 4.3 | AI score 7.1 | EPSS 0.00923
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/08/22 1:15 p.m. | 13 views

Hardcoded credentials

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

CVSS 4.3 | AI score 6.3 | EPSS 0.00915
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/07/31 12:0 a.m. | 20 views

Siemens SIMATIC HMI Panels and TIA Portal <= v15.1 Update 1 Hardcoded Credentials (ICSA-19-134-09)

Binary data 720274.prm...

CVSS 9.1 | AI score 7.3 | EPSS 0.02721
Exploits: 0 | References: 2

Prion
added 2019/07/30 9:15 p.m. | 17 views

Hardcoded credentials

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML...

CVSS 4.6 | AI score 6.4 | EPSS 0.00495
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2019/07/23 5:15 p.m. | 14 views

Hardcoded credentials

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/boardformupdate.php bocontenthead parameter...

CVSS 4.3 | AI score 6 | EPSS 0.01521
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2019/07/23 5:15 p.m. | 16 views

Hardcoded credentials

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/boardformupdate.php bomobilecontenttail parameter...

CVSS 4.3 | AI score 6 | EPSS 0.01553
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2019/07/23 3:15 p.m. | 17 views

Hardcoded credentials

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/boardformupdate.php bosubject parameter...

CVSS 4.3 | AI score 6 | EPSS 0.01521
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2019/07/22 6:15 p.m. | 10 views

CVE-2019-12327

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed...

CVSS 10 | AI score 7.6 | EPSS 0.01896
Exploits: 1 | References: 1

Prion
added 2019/07/22 6:15 p.m. | 18 views

Hardcoded credentials

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed...

CVSS 10 | AI score 9.3 | EPSS 0.01896
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/07/22 5:30 p.m. | 138 views

CVE-2019-12327

Summary: CVE-2019-12327 affects Akuvox R50P VoIP phone (version 50.0.6.156). The issue arises from hardcoded credentials, enabling an attacker to access the device via telnet on port 2323. The telnet service cannot be turned off and credentials cannot be changed, per the provided sources. Affecte...

CVSS 10 | AI score 9.3 | EPSS 0.01896
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/22 5:30 p.m. | 11 views

CVE-2019-12327

Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed...

CVSS 7.2 | AI score 9.4 | EPSS 0.01896
Exploits: 1 | References: 1

Prion
added 2019/07/17 9:15 p.m. | 15 views

Hardcoded credentials

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local Denial of Service affecting CmdVirth.exe via its LPC port "cmdvrtLPCServerPort". A low privileged local process can connect to this port and send an LPCDATAGRAM, which triggers an Access Violation due to hardcoded NULLs used fo...

CVSS 2.1 | AI score 5.2 | EPSS 0.00368
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2019/07/16 6:15 p.m. | 14 views

Hardcoded credentials

In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00865
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2019/07/10 3:15 p.m. | 8 views

Hardcoded credentials

main/streams/xpsocket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number i.e...

CVSS 5 | AI score 7.5 | EPSS 0.02492
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/07/10 12:15 p.m. | 12 views

Hardcoded credentials

On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration aka setAutoLogin can be achieved by continuing to use a session ID after a logout, aka HMCCU-154...

CVSS 6.5 | AI score 8.6 | EPSS 0.01283
Exploits: 0 | References: 2 | Affected Software: 2