Hardcoded credentials

A vulnerability in Cisco Prime Collaboration Provisioning PCP Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by...

Seagate BlackArmor NAS Hardcoded Credentials Vulnerability

Seagate BlackArmor NAS is a network storage server from Seagate USA that provides layered protection, data incremental and system backup and recovery of business critical data. A security vulnerability exists in the backupmgt/preconnectcheck.php file in Seagate BlackArmor NAS, which stems from th...

CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...

DEBIAN-CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...

CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...

Hardcoded credentials

backupmgt/preconnectcheck.php in Seagate BlackArmor NAS contains a hard-coded password of '!@$$%FREDESWWSED' for a backdoor user...

CVE-2018-7441

Leptonica library (CVE-2018-7441): through version 1.75.3, it uses hardcoded /tmp pathnames, enabling local users to overwrite arbitrary files or cause other impact via pre-created files or a race condition (example: /tmp/junk_split_image.ps in prog/splitimage2pdf.c). Affected packages include Le...

Hardcoded credentials

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found...

Hardcoded credentials

A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found...

Hardcoded credentials

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that i...

CVE-2017-12724

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured ...

Open Source Static Code Analyser: StaCoAn

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL’s of API’s Decryption keys Major coding...

Vobot Clock root privileges hardcoded SSH credentials vulnerability

The Vobot Clock is a smart bedside alarm clock equipped with Amazon Alexa, Sleep Coach and Daily Routine programs. VOBOT CLOCK Versions prior to 0.99.30 are vulnerable to a root privilege hardcoded SSH credentials vulnerability.The SSH server has hardcoded vobot user accounts and passwords with...

Hardcoded credentials

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...

CVE-2018-6825

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...

Hardcoded credentials

VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded...

CVE-2018-6825

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...

CVE-2018-6825

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access...

CVE-2012-2166

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041...

Hardcoded credentials

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041...