اینستا فارسی - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application اینستا فارسی published at the 'play' market has multiple vulnerabilities...

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

Hardcoded credentials

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

Hardcoded credentials

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...

Hardcoded credentials

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...

CVE-2016-9353

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use...

Hardcoded credentials

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2016-8491

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2016-8491

CVE-2016-8491 affects Fortinet FortiWLC: presence of a hardcoded account named 'core' that allows attackers to gain unauthorized read/write access via a remote shell. This is evidenced across multiple sources (Fortinet advisory FG-IR-16-065 and various CVE/NVD records) describing a hardcoded core...

CVE-2016-8491

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2016-10179

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607...

Hardcoded credentials

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607...

CVE-2016-10179

The CVE-2016-10179 entry affects the D-Link DWR-932B router. Multiple sources confirm a hardcoded WPS PIN (28296607) in the device, enabling authentication bypass and potentially unauthorized operations. CNVD-2017-01663 specifically notes exploitation on firmware 02.02eu, and CNVD describes bypas...

CVE-2016-10179

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607...

Complain Management System SQL Injection

Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...

Hardcoded credentials

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags...

Hardcoded credentials

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...

Hardcoded credentials

Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CLIQ Go - Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application CLIQ Go published at the 'play' market has multiple vulnerabilities...

Aloha Browser + free VPN - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Aloha Browser + free VPN published at the 'play' market has multiple vulnerabilities...