1187 matches found
USN-3115-1: Django vulnerabilities
Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. CVE-2016-9013 Aymeri...
USN-3115-1 python-django vulnerabilities
Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. CVE-2016-9013 Aymeri...
CVE-2016-9013
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...
CVE-2016-6531
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a...
CVE-2016-6532
CVE-2016-6532 affects DEXIS Imaging Suite 10, which contains hard-coded credentials for the sa account, enabling remote administrative access to the DEXIS_DATA SQL Server session. The vulnerability emerges from hard-coded database credentials and can lead to full compromise of the patient databas...
CVE-2016-6531
CVE-2016-6531 concerns Open Dental (versions 16.1 and earlier) with a vulnerability stemming from a default MySQL credential setup. A hardcoded/blank root password (as noted by sources) could allow an attacker with network access to the Open Dental MySQL database to read, modify, or delete data. ...
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...
PT-2016-6975 · Open Dental · Open Dental
Name of the Vulnerable Software and Affected Versions: Open Dental versions 16.1 and earlier Description: The issue concerns a hardcoded MySQL root password, which could allow remote attackers to gain administrative access by leveraging access to intranet TCP port 3306. The vendor disputes this...
CVE-2016-5677
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...
CVE-2016-5677
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...
CVE-2016-5677
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...
CVE-2016-5677
CVE-2016-5677 affects NUUO NVRmini 2, NVRsolo, and NETGEAR ReadyNAS Surveillance (firmware 1.1.1–1.4.1). A hidden page (nvr_status _.php) uses hardcoded credentials nuuoeng:qwe23622260, enabling an unauthenticated attacker to retrieve sensitive information (current processes, memory, filesystem s...
CVE-2016-5081
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session...
CVE-2016-5081
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session...
CVE-2016-5081
The CVE-2016-5081 entry affects ZModo ZP-NE14-S and ZP-IBH-13W devices (DVR/cameras) due to hard-coded credentials that enable root access via an always-on TELNET service. The root cause is use of undocumented hard-coded credentials and TELNET hardening bypass, allowing remote attackers to obtain...
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...
Hardcoded credentials
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...