Hardcoded credentials

The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session...

Seagate GoFlex Satellite Remote Telnet Default Password Vulnerability

Seagate GoFlex Satellite Mobile Wireless Storage devices contain a hardcoded backdoor account. An attacker could use this account to remotely tamper with the underlying operating system when Telnet is enabled. Title: Seagate GoFlex Satellite Remote Telnet Default Password Publication URL:...

Seagate GoFlex Satellite Remote Telnet Default Password

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password Title: Seagate GoFlex Satellite Remote Telnet Default Password Advisory ID: KL-001-2015-007 Publication Date: 2015.12.18 Publication URL:...

Hardcoded credentials

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707...

Hardcoded credentials

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP...

Hardcoded credentials

The default configuration of sshdconfig in Cisco Mobility Services Engine MSE through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501...

Hardcoded credentials

Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...

Hardcoded credentials

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations...

Hardcoded credentials

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...

Hardcoded credentials

kernelcrashdump in Apport before 2.19 allows local users to cause a denial of service disk consumption or possibly gain privileges via a 1 symlink or 2 hard link attack on /var/crash/vmcore.log...

ADH-Web IP Camera Access Bypass

Advisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions Date published: 2015-09-19 Date of last update: 2015-09-19 Vendors contacted: ADH-Web Author: Glaysson dos Santos Release mode: User release 2. Vulnerability Information Class: Information Exposure CWE-200 Impact:...

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password...

Hardcoded credentials

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password...

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are affected versions prior to 3.1.5, which contain hard-coded credentials for a hidden support account. This enables remote attackers to obtain administrative access and potentially execute arbitrary code. Public advisories (ZDI-15-440; ...

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password...

Hardcoded credentials

The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site...

Hardcoded credentials

The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL...

ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass

Exploit Title: ManageEngine OpManager multiple vulnerabilities Product: ManageEngine OpManager Vulnerable Versions: v11.5 and previous versions Tested Version: v11.5 Windows Advisory Publication: 14/09/2015 Vulnerability Type: hardcoded credentials, SQL query protection bypass Credit: xistence...

Silver Peak VXOA 6.2.11 - Multiple Vulnerabilities

Silver Peak VXOA 6.2.11 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Silver Peak VXOA Multiple Vulnerabilities Affected versions: Silver Peak VX 6.2.11 PDF:...

Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain...