CVE-2018-0038

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra...

CVE-2018-0039 Contrail Service Orchestration: Hardcoded credentials for Grafana service

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafan...

CVE-2018-0041 Contrail Service Orchestration: Hardcoded credentials for Keystone service.

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone...

CVE-2018-0041

The CVE-2018-0041 entry concerns Juniper Networks Contrail Service Orchestration (CSO) prior to version 3.3.0, where hard-coded credentials grant network-based attackers unauthorized access to Keystone service data. Root cause: hard-coded credentials in CSO access to Keystone. Affected product: C...

Hardcoded credentials

Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller...

Hardcoded credentials

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...

Hardcoded credentials

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...

Hardcoded credentials

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service...

Hardcoded credentials

Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain...

Hardcoded credentials

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems All versionswithout use of Siemens Healthineers Informatics products, RAPIDLab 1200 Series All versions = V3.0 with Siemens Healthineers Informatics products, RAPIDPoint 500 systems...

HPE VAN SDN Unauthenticated Remote Root Vulnerability

Vulnerability Details Affected Vendor: HP Enterprise Affected Product: VAN SDN Controller Affected Version: 2.7.18.0503 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-20: Improper Input Validation Impact: Privilege Escalation Attack vector: HTTP 2...

Hardcoded credentials

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

Hardcoded credentials

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session...

Hardcoded credentials

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console...

Hardcoded credentials

A vulnerability in the default configuration of the Simple Network Management Protocol SNMP feature of Cisco Wide Area Application Services WAAS Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded,...

Hardcoded credentials

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...

Hardcoded credentials

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret...

Hardcoded credentials

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...

PT-2018-2076 · D Link · D-Link Central Wifi Manager

Name of the Vulnerable Software and Affected Versions: D-Link Central WiFi Manager versions prior to 1.03r0100-Beta1 Description: The issue is related to the use of hardcoded credentials for the FTP service, which runs on port 9000. This allows a remote attacker to execute arbitrary PHP code by...

Hardcoded credentials

An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to...