Palo Alto Networks Zingbox Inspector CVE-2019-15015 Hardcoded Credentials Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to a hard-coded credentials vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable system and perform unauthorized actions. Palo Alto Networks Zingbox Inspector version 1.294 and prior are vulnerabl...
PT-2019-3540 · Zingbox · Zingbox Inspector
Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.294 and earlier Description: The issue is related to the SSH service being enabled, exposing it to the local network. This, combined with other factors, can allow an attacker to authenticate to the service using...
PT-2019-3538 · Zingbox · Zingbox Inspector
Name of the Vulnerable Software and Affected Versions: ZingBox Inspector versions 1.294 and earlier Description: The issue is related to the use of hardcoded credentials in the ZingBox Inspector, which can allow a remote attacker to gain unauthorized access to the system. The presence of these...
Hardcoded credentials
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available...
Hardcoded credentials
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
The vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches lies in the use of hard-coded credentials, which allows attackers to escalate their privileges.
The vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches is related to the use of hard-coded credentials. Exploiting this vulnerability can allow attackers to escalate their privileges...
Hardcoded credentials
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...
Drilling open a smart door lock in 4 seconds
The BBC asked us to have a look at some smart locks for a TV show recently. We didn’t have much prep time, but were genuinely shocked by just how easy this one was to compromise. Usually, we spend time looking at Bluetooth/RF, the mobile app, the API and then move on to hardware. This time we...
Western Digital My Book World II NAS 1.02.12 Hardcoded Credential Vulnerability
Western Digital My Book World II NAS versions 1.02.12 and below have a hard-coded ssh credential that allows for remote command execution. Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Exploi...
Emerson DeltaV Smart Switch Hardcoded Credentials (ICSA-19-190-01)
Binary data 720299.prm...
Western Digital My Book World II NAS 1.02.12 Hardcoded Credential
Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...
Telnet Backdoor Opens More Than 1M IoT Radios to Hijack
Imperial Dabman IoT radios have a weak password vulnerability that could allow a remote attacker to achieve root access to the gadgets’ embedded Linux BusyBox operating system, gaining control over the device. Adversaries can deliver malware, add a compromised radio to a botnet, send custom audio...
Zyxel Access Point Hardcoded Credentials (FTP)
Zyxel access points are using known hardcoded credentials. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, Cisco 160W vulnerable version:...
CVE-2019-15867
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...
Hardcoded credentials
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...
CVE-2019-15867
The CVE-2019-15867 issue affects the WordPress slick-popup plugin (pre-1.7.2). It relies on a hardcoded credential OmakPass13# for the slickpopupteam account, enabling privilege escalation via a specific AJAX action (as described by connected sources). Practical impact is administrator-level acce...
Zyxel NWA/NAP/WAC Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Hardcoded FTP Credentials product: Zyxel NWA/NAP/WAC wireless access point series vulnerable version: see "Vulnerable / tested version" fixed version: see "Solution" CVE...