Authy 2-Factor Authentication - Customized SSL, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Authy 2-Factor Authentication published at the 'play' market has multiple vulnerabilities...
Foscam camera Configuration Backup File Hardcoded Protection Vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. The Foscam camera has a configuration backup file hardcoded protection vulnerability: the encrypted Foscam device configuration file contains the administrator password, t...
Foscam camera Web UI Hides Hardcoded Credentials Vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. The Foscam camera Web UI has a hidden and hardcoded credentials vulnerability. The Foscam model has hidden and hardcoded credentials that can be exploited by an attacker to gain...
Hardcoded credentials
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device...
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities
CMS Web-Gooroo 1.141 - Multiple Vulnerabilities Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad...
CMS Web-Gooroo < 1.141 - Multiple Vulnerabilities
Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad design. CMS log file besides DB log location wi...
Insecure Defaults
Moodle is vulnerable to insecure defaults. The library itself uses a hardcoded key for the rc4encrypt and rc4decrypt functions, making it easier for a malicious user to decrypt sensitive information by reading Moodle's source code. The hardcoded password was set to nfgjeingjk...
Signal Private Messenger - Dangerous filesystem permissions, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Signal Private Messenger published at the 'play' market has multiple vulnerabilities...
Kodi - GPL license, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Kodi published at the 'play' market has multiple vulnerabilities...
Tecnovision DLX Spot - SSH Backdoor Access
Tecnovision DLX Spot - SSH Backdoor Access Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password. Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/...
Tecnovision DLX Spot - SSH Backdoor Access
Exploit Title: DlxSpot - Player4 LED video wall - Hardcoded Root SSH Password. Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: All known versions...
Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption
Introduction ------------ Vulnerabilities were identified in the Belden GarrettCom 6K and 10KT Magnum series network switches. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive; observations suggest that it is likely that...
Trashbilling.com / Trashflow 3.0 XSS / SQL Injection
A blog post with information located here: https://thenopsled.com/trashbilling.html ============ Introduction ============ This was a basic vulnerability analysis of trashbilling.com which I am required to use to pay my trash bill, and Trashflow 3.0, which updates trashbilling.com from the Trash...
Hardcoded credentials
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise UCCE 11.51 and 11.61 could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account tha...
PT-2018-16: Hardcoded Accounts in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
The specialists of the Positive Research center have detected a hardcoded accounts vulnerability in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200. Hardcoded accounts allow attackers to gain access to the FTP server. How to fix: Use the vendor's advisory:...
Hardcoded credentials
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...
Solarwinds LEM 6.3.1 Hardcoded Credentials Vulnerability
The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for...
Hardcoded credentials
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page...
Solarwinds LEM Database Listener with Hardcoded Credentials
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control Impact: Remote Database Compromise Attack...
Solarwinds LEM 6.3.1 Hardcoded Credentials
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials Title: Solarwinds LEM Database Listener with Hardcoded Credentials Advisory ID: KL-001-2017-009 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1...