Hardcoded credentials

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...

Hardcoded credentials

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS...

Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE

Subject: Shenzhen TVT Digital Technology Co. Ltd & OEM DVR/NVR/IPC API RCE Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Python PoC: https://github.com/mcw0/PoC/blob/master/TVT-PoC.py Release date: April 9,...

CVE-2014-3413

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...

Hardcoded credentials

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...

CVE-2014-3413

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access...

CVE-2014-3413

The CVE-2014-3413 vulnerability affects Juniper Networks Junos Space prior to 13.3R1.8, where the MySQL server contains an unspecified hardcoded account password. This allows remote attackers with database access to obtain sensitive information and potentially gain administrative control. Affecte...

Hardcoded credentials

Target influence via framing vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames...

Hardcoded credentials

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

CVE-2018-9161

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

CVE-2018-9161

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

CVE-2018-9161

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

CVE-2018-9161

CVE-2018-9161 affects PrismaWEB 1.21 (Prisma Industriale Checkweigher). The connected documentation shows a credential-disclosure vulnerability where hard-coded credentials are stored in and disclosed via login_par.js (used by the Login() function in script.js), allowing remote attackers to bypas...

CVE-2018-9161

Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/loginpar.js...

D-Link DIR-850L Backdoor Account / Hardcoded Credentials (Telnet)

The D-Link DIR-850L router has a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

StaCoAn - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL's of API's Decryption keys Major coding...

Hardcoded credentials

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

EMC Data Protection Advisor < 6.4.110 Database Hardcoded Password Vulnerability

According to its self-reported version number, the EMC Data Protection Advisor running on the remote host is 6.3.x prior to 6.3 patch 159 or 6.4.x prior to 6.4 patch 110. It is, therefore, affected by a default credential vulnerability due to hardcoded password with the appolosuperuser database...

Dell EMC Data Protection Advisor Local Hardcoded Credential Information Disclosure Vulnerability

Dell EMC Data Protection Advisor is a suite of data protection management solutions from Dell USA. The solution supports automated and centralized execution of all such data collection and analysis, as well as obtaining a single comprehensive view of the data protection environment and activities...

CVE-2016-0235

IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326...