3038 matches found
CVE-2019-12550
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET...
Hardcoded credentials
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key...
Hardcoded credentials
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET...
CVE-2019-12550
CVE-2019-12550 affects WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505. The vulnerability is due to use of hard-coded credentials that allow an attacker to log in with root privileges over SSH/TELNET, enabling full OS compromise. Affected firmware branches are: 852-303 before FW0...
Hardcoded credentials
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...
HPE Intelligent Management Center (IMC) Hardcoded Credentials Remote Code Execution Vulnerability
HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. HPE Intelligent Management Center IMC 7.3 E0506P09 and earlier versions have a dbman use of hardcoded...
Hardcoded credentials
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges...
Slick Popup <= 1.7.1 - Privilege Escalation
Subscriber users are able to create an administrator account with hardcoded login credentials. PoC Hardcoded username "slickpopupteam" and its password is OmakPass13...
Slick Popup <= 1.7.1 - Privilege Escalation
Subscriber users are able to create an administrator account with hardcoded login credentials. Hardcoded username "slickpopupteam" and its password is OmakPass13...
Hardcoded credentials
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
Hardcoded credentials
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
Hardcoded credentials
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page...
Hardcoded credentials
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2019-6812
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol...
CVE-2019-6812
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol...
Hardcoded credentials
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol...
CVE-2019-6812
A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol...
CVE-2019-6812
Schneider Electric BMX-NOR-0200H firmware prior to V1.7 IR 19 has a CWE-798 hardcoded credentials vulnerability in the FTP service, leading to potential confidentiality impact. The issue affects BMX-NOR-0200H and is not described with exploitation details in the provided docs. Remediation is to u...
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution Exploit
Exploit for java platform in category web applications / Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X....
Hardcoded credentials
An Insecure Permissions issue issue 1 of 3 was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credential...