My Telekom - Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application My Telekom published at the 'play' market has multiple vulnerabilities...

Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor", 'Description' = %q This module exploits two issues. The first issue is that there is a hard...

WDMyCloud 2.30.165 - Multiple Vulnerabilities

WDMyCloud 2.30.165 - Multiple Vulnerabilities WDMyCloud Multiple Vulnerabilities Vendor: Western Digital Product: WDMyCloud Version: = 2.30.165 Website: https://www.wdc.com/products/network-attached-storage.html / / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,///...

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

Hardcoded credentials

cgi-bin/mft/wirelessmft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-code...

CVE-2014-8389

cgi-bin/mft/wirelessmft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-code...

Hardcoded credentials

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

CVE-2017-17717

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...

Hardcoded credentials

Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature...

Qwant - Customized SSL, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Qwant published at the 'play' market has multiple vulnerabilities...

Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password Vulnerabilities

Zivif PR115-204-P-RS cameras version 2.3.4.2103 suffer from authentication bypass, command injection, and hardcoded password vulnerabilities. Researcher: Silas Cutler p1nk Release date: December 10, 2017 Full Disclosure: 90 days CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 Vulnerable...

Booking.com Hotels & Vacation Rentals - Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Booking.com Hotels & Vacation Rentals published at the 'play' market has multiple vulnerabilities...

Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password

Attack vector: Remote Authentication: None Researcher: Silas Cutler p1nk Release date: December 10, 2017 Full Disclosure: 90 days CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 Vulnerable Device: Zivif PR115-204-P-RS Version: V2.3.4.2103 Timeline: 1 September 2017: Initial alerting to...

CVE-2017-8866

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server...

Hardcoded credentials

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server...

CVE-2017-8866

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server...

CVE-2017-8866

The CVE-2017-8866 entry affects Elemental Path’s CogniToys Dino with firmware

CVE-2017-8866

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server...

Hardcoded credentials

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops wi...

Hardcoded credentials

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitud...