Juniper Networks Junos OS SRX Series: Hardcoded Credentials Vulnerability

Junos OS on SRX series contain hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

Solarwinds LEM 6.3.1 Hardcoded Credentials

KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials Title: Solarwinds LEM Hardcoded Credentials Advisory ID: KL-001-2017-015 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt 1. Vulnerability Details Affected Vendor: Solarwinds...

SolarWinds Log and Event Manager (LEM) < 6.3.1 Hotfix 5 Hardcoded Credentials Vulnerability

SolarWinds Log and Event Manager LEM is prone to a hardcoded credentials vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Solarwinds LEM Hardcoded Credentials

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Unintended Access Attack vector: Local 2. Vulnerability Description The...

FortiWLM upgrade user account hard-coded credentials

FortiWLM has a hard-coded password for its "upgrade" user account, which it uses to transfer files to and from the FortiWLC controller. Having the upgrade account credentials would allow an attacker to transfer files to any attached or previously attached controllers as an admin user, thus raisin...

Foscam C1 Hardcoded Credential Authentication Bypass Vulnerability

Foscam C1 is a wireless IP camera product from FOSCAM China. A security vulnerability exists in the Foscam C1 using firmware version 1.9.1.12. The vulnerability can be exploited by a remote attacker to access a camera that does not block port 50021...

Hardcoded credentials

Hard-coded FTP credentials r:r are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device...

Foscam camera Web UI Hides Hardcoded Credentials Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera Web UI Hidden and Hardcoded Credentials Vulnerability.The Foscam model has hidden and hardcoded credentials that can be exploited by an attacker to gain...

Trashbilling.com / Trashflow 3.0 XSS / SQL Injection

A blog post with information located here: https://thenopsled.com/trashbilling.html ============ Introduction ============ This was a basic vulnerability analysis of trashbilling.com which I am required to use to pay my trash bill, and Trashflow 3.0, which updates trashbilling.com from the Trash...

Hardcoded credentials

A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE 11.51 and 11.61 could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account tha...

Hardcoded credentials

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...

Solarwinds LEM 6.3.1 Hardcoded Credentials Vulnerability

The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for...

Hardcoded credentials

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Solarwinds LEM Database Listener with Hardcoded Credentials

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control Impact: Remote Database Compromise Attack...

Solarwinds LEM 6.3.1 Hardcoded Credentials

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials Title: Solarwinds LEM Database Listener with Hardcoded Credentials Advisory ID: KL-001-2017-009 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1...

Hardcoded credentials

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key a long string beginning with Ei2HNryt. This affects the 1.1.2 Build 20141017 Rel.50749 firmware...

Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability

Talos Vulnerability Report TALOS-2017-0231 Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability April 21, 2017 Report ID CVE-2016-8717 Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The devic...

DragonWave Horizon Hardcoded Credentials Vulnerability

DragonWave Horizon is a carrier-grade point-to-point packet microwave system from DragonWave Canada. The system provides the capability to transmit broadband voice, video and data. A security vulnerability exists in DragonWave Horizon version 1.01.03 that originates from the device's use of...

SedSystems D3 Decimator Default Credentials / File Disclosure

SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to this device it will announce itself with "connected" or...

SedSystems D3 Decimator - Multiple Vulnerabilities

Exploit for multiple platform in category web applications SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to...