3038 matches found

Prion
added 2008/03/04 6:44 p.m., 11 views

Hardcoded credentials

The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges...

CVSS 7.5, AI score 7.5, EPSS 0.01402
Exploits 0, References 5

securityvulns
added 2008/02/29 12:0 a.m., 31 views

Beehive/SendFile.NET - Secure File Transfer Appliance hardcoded credentials

There is a hardcoded FTP account sfoutbox/sfoutbox...

AI score 1.3
Exploits 0, References 1

securityvulns
added 2008/02/29 12:0 a.m., 49 views

Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials

Title: Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials
Vendor: Beehive Software
Vendor URL: http://www.thebeehive.com/
Affected File: http://host/sfcommon/SendFile.jar
Vendor Contact Date: 7/26/2007
Vendor Response: None
Workaround: The simplest way to protect against...

AI score 7.2
Exploits 0

Prion
added 2007/12/05 11:46 a.m., 27 views

Hardcoded credentials

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors...

CVSS 7.5, AI score 6.6, EPSS 0.03978
Exploits 0, References 9, Affected Software 1

Prion
added 2007/10/13 12:17 a.m., 11 views

Hardcoded credentials

hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail...

CVSS 7.6, AI score 7.3, EPSS 0.67264
Exploits 4, References 24, Affected Software 1

Prion
added 2007/10/11 10:17 a.m., 33 views

Hardcoded credentials

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...

CVSS 2.6, AI score 7.4, EPSS 0.01442
Exploits 0, References 2

Prion
added 2007/09/26 10:17 p.m., 11 views

Hardcoded credentials

Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expec...

CVSS 7.5, AI score 7.1, EPSS 0.1517
Exploits 0, References 6, Affected Software 1

Prion
added 2007/09/14 6:17 p.m., 17 views

Hardcoded credentials

The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected...

CVSS 5.8, AI score 7.1, EPSS 0.02785
Exploits 1, References 9, Affected Software 1

Prion
added 2007/05/16 1:19 a.m., 12 views

Hardcoded credentials

The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access...

CVSS 5.1, AI score 7.3, EPSS 0.02506
Exploits 0, References 9, Affected Software 1

Prion
added 2007/04/16 9:19 p.m., 18 views

Hardcoded credentials

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192...

CVSS 6.2, AI score 6.9, EPSS 0.00363
Exploits 0, References 6, Affected Software 1

Prion
added 2007/03/28 10:19 p.m., 25 views

Hardcoded credentials

Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection...

CVSS 7.5, AI score 6.7, EPSS 0.01158
Exploits 0, References 3, Affected Software 1

Prion
added 2007/02/22 1:28 a.m., 20 views

Hardcoded credentials

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.04SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device...

CVSS 10, AI score 6.9, EPSS 0.03331
Exploits 0, References 8, Affected Software 6

Prion
added 2007/02/13 8:28 p.m., 21 views

Hardcoded credentials

The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."...

CVSS 7.2, AI score 6.7, EPSS 0.02571
Exploits 0, References 9, Affected Software 1

Prion
added 2007/02/13 8:28 p.m., 13 views

Hardcoded credentials

The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters...

CVSS 9.3, AI score 7.8, EPSS 0.26374
Exploits 0, References 9, Affected Software 1

Prion
added 2007/02/08 12:28 a.m., 11 views

Hardcoded credentials

FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself...

CVSS 5, AI score 6.9, EPSS 0.02348
Exploits 0, References 8, Affected Software 1

securityvulns
added 2006/09/29 12:0 a.m., 36 views

FiWin SS28S Wi-Fi phones backdoor account

Phone has debug console with telnet access and hardcoded account 1 with password 1...

AI score 1.3
Exploits 0, References 1

Prion
added 2006/05/31 10:2 p.m., 14 views

Hardcoded credentials

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server...

CVSS 7.5, AI score 7.5, EPSS 0.02111
Exploits 0, References 6

Prion
added 2006/04/26 12:6 a.m., 15 views

Hardcoded credentials

iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring...

CVSS 2.1, AI score 7, EPSS 0.00361
Exploits 0, References 6, Affected Software 1

Prion
added 2006/04/07 10:4 a.m., 17 views

Hardcoded credentials

Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a devic...

CVSS 5, AI score 7.2, EPSS 0.02384
Exploits 0, References 11, Affected Software 4

Prion
added 2006/01/31 11:3 a.m., 13 views

Hardcoded credentials

CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the...

CVSS 7.5, AI score 7.2, EPSS 0.03076
Exploits 0, References 6, Affected Software 1