7553 matches found
Hardcoded credentials
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret...
CVE-2018-10813
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...
Hardcoded credentials
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...
Hardcoded credentials
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...
PT-2018-2076 · D Link · D-Link Central Wifi Manager
Name of the Vulnerable Software and Affected Versions: D-Link Central WiFi Manager versions prior to 1.03r0100-Beta1. Description: The issue is related to the use of hardcoded credentials for the FTP service, which runs on port 9000. This allows a remote attacker to execute arbitrary PHP code by...
ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages
Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference; automatically decompile APK files to Java and Smali format; analyze AndroidManifest.xml for common vulnerabilities and behavior; static source code analysis for common vulnerabilitie...
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password...
Hardcoded credentials
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password...
CVE-2018-11482
CVE-2018-11482 affects TP-LINK IPC device families (TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, TL-IPC40A-4) via /usr/lib/lua/luci/websys.lua which contains a hardcoded password (zMiVw8Kw0oxKXL0). Root cause: hardcoded credentials in the websys.lua module leading to insufficient access control...
Hardcoded credentials
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to...
Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers
Researchers have found that even after having an advanced encryption scheme in place, more than 100 million Internet-of-Things (IoT) devices from thousands of vendors are vulnerable to a downgrade attack that could allow attackers to gain unauthorized access to your devices. The issue resides in th...
Backdoors in D-Link’s backyard
"If you want to change the world, start with yourself." In the case of security research this can be rephrased to: "If you want to make the world safer, start with the smart things in your home." Or, to be more specific, start with your router – the core of any home network as well as an...
PT-2018-3887 · D Link · Dir-620
Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 devices with customized firmware versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22. Description: The issue is related to a hardcoded password for the admin account, specifically set to anonymous. This could allow a...
CVE-2018-11311
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials...
CVE-2018-11311
The CVE-2018-11311 entry concerns mySCADA myPRO 7, where the FTP server’s credentials are hardcoded (username: myscada, password: Vikuk63) in myscadagate.exe. This allows remote authentication to the FTP service on port 2121, enabling actions such as uploading files or listing directories. Conne...
mySCADA myPRO 7 - Hard-Coded Credentials
mySCADA myPRO 7 - Hard-Coded Credentials. CVE-2018-11311. Remote exploit for Multiple platform. Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password | Date: 2018-05-19 | Exploit Author: Emre ÖVÜNÇ | Vendor Homepage: https://www.myscada.org/mypro/ | Software Link:...