1189 matches found
Hardcoded credentials
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...
CVE-2015-3001
SysAid Help Desk (SysAid Help Desk before 15.2) is affected by multiple vulnerabilities including CVE-2015-3001 (use of a hard-coded sa password: Password1) and CVE-2015-2993 (administrator account creation). The issues enable bypass of access restrictions and potential remote compromise; some en...
CVE-2015-3001
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...
Hardcoded credentials
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive...
CVE-2015-0996
CVE-2015-0996 affects Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4). Root cause is a hard-coded, cleartext password used to control read access to Project files and Project Configuration files, enabling local atta...
CVE-2015-0996
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive...
EMC M&R (Watch4net) - Credential Disclosure Vulnerability
It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Abstract It was discovered that EMC M&R Watch4net...
EMC MR (Watch4net) - Credential Disclosure
EMC MR Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...
EMC M&R (Watch4net) Insecure Credential Storage
------------------------------------------------------------------------ EMC M&R Watch4net data storage collector credentials are not properly protected ------------------------------------------------------------------------ Han Sahin, November 2014...
EMC M&R (Watch4net) - Credential Disclosure
Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affected products EMC reports that the following...
CVE-2015-0930
The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session...
CVE-2014-9576
VDG Security SENSE formerly DIVA 2.3.13 has a hardcoded password of 1 ArpaRomaWi for the root Postgres account and !DVService for the 2 postgres and 3 NTP Windows user accounts, which allows remote attackers to obtain access...
CVE-2014-5420
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...
CVE-2014-5422
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors...
CVE-2014-5420
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...
CVE-2014-5420
CVE-2014-5420 affects CareFusion Pyxis SupplyStation 8.1 with hardware test tool software versions up to 1.0.15. The vulnerability is hard-coded passwords in service and application accounts (and insecure temporary files) that could allow remote authenticated access to application files via unspe...
CVE-2014-5421
CareFusion Pyxis SupplyStation system (version 8.1 with hardware test tool 1.0.16 and earlier) contains a hard-coded database password that can allow local users with cabinet access to gain privileges. CVE-2014-5421 is documented with a base vulnerability tied to hard-coded credentials; NVD notes...
CVE-2014-5422
CVE-2014-5422 affects CareFusion Pyxis SupplyStation system 8.1 with hardware test tool prior to 1.0.16. The vulnerability is due to a hardcoded service password that grants admin privileges, enabling a remote attacker to gain access through unspecified vectors (remote exploitation possible if ne...
Amazing exposure Netcore routers exist back door, anyone can be a remote access-vulnerability warning-the black bar safety net
The Trend Micro researchers said yesterday at the official website shows, the Chinese manufacturers produce a series of routers contain a severe vulnerability, the hacker through the loopholes in monitoring user's Internet traffic. Router in China the Brand Name Netcore in foreign countries the...
CVE-2014-5396
The web interface in Schrack Technik microControl with firmware before 1.7.0 937 has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors...