CVE-2019-15867

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...

CVE-2019-15867

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...

CVE-2019-15867

The CVE-2019-15867 issue affects the WordPress slick-popup plugin (pre-1.7.2). It relies on a hardcoded credential OmakPass13# for the slickpopupteam account, enabling privilege escalation via a specific AJAX action (as described by connected sources). Practical impact is administrator-level acce...

CVE-2016-10928

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...

CVE-2016-10928

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...

CVE-2016-10928

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...

Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability

Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability Original posting: https://xor.cat/2019/08/05/fortinet-fortirecorder-hardcoded-password/ Text archive available here: https://xor.cat/archive/2019/08/05/fortinet-fortirecorder-hardcoded-password.txt Background In June of 2019 I discover...

Fortinet FortiRecorder 2.7.3 Hardcoded Password

Original posting: https://xor.cat/2019/08/05/fortinet-fortirecorder-hardcoded-password/ Text archive available here: https://xor.cat/archive/2019/08/05/fortinet-fortirecorder-hardcoded-password.txt Background In June of 2019 I discovered a vulnerability in Fortinet's FortiRecorder1 product which...

CVE-2017-8415

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the use...

CVE-2019-12920

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...

CVE-2019-12920

Summary: CVE-2019-12920 affects Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4. Vulnerability: devices ship with a hardcoded root password (12345678) accessible from a TELNET prompt, enabling a network attacker to login remotely and gain root access. Root cause: hardcoded credential ...

CVE-2019-12920

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...

Schneider Electric Magelis XBT HMI Hardcoded Configuration Password

Binary data 720236.prm...

Weak Password Vulnerability in Trunkey's ICP/IP Address Information Filing Management System

Trunkey ICP/IP address information filing management system is a set of ISP service provider enterprise side filing management system. A weak password vulnerability exists in the Trunkey ICP/IP address information filing management system. The vulnerability is due to the fact that the password is...

CVE-2019-6499

Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...

CVE-2019-6499

Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...

CVE-2019-6499

Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account in viewpoint-portal\conf\server.xml that could potentially be exploited by malicious users to compromise the affected system...

CVE-2019-6499

CVE-2019-6499 affects Teradata Viewpoint prior to 14.0 and 16.20.00.02-b80, where a hardcoded password (TDv1i2e3w4) was stored for the viewpoint database account in viewpoint-portal\conf\server.xml. This static credential could allow a malicious user to compromise the affected system. The provide...

CVE-2019-3908

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...

Cradlepoint Router Password Disclosure Vulnerability

Exploit for hardware platform in category web applications Cradlepoint Router Password Disclosure Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities...