7548 matches found

OSV
added 2016/07/03 1:59 a.m., 5 views

CVE-2016-1394

Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238...

CVSS 8.6 | AI score 5.8 | EPSS 0.01012
Exploits: 0 | References: 2
CVE
added 2016/07/03 1:0 a.m., 42 views

CVE-2016-1394

Cisco Firepower System Software versions 6.0.0–6.1.0 are affected by a hardcoded/default account that allows unauthenticated, remote CLI login by exploiting knowledge of the password (Bug CSCuz56238). The vulnerability stems from a default static password created during installation, enabling the...

CVSS 8.6 | AI score 8.4 | EPSS 0.01012
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2016/07/03 1:0 a.m., 22 views

CVE-2016-1394

Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238...

AI score 8.5 | EPSS 0.01012
Exploits: 0 | References: 2
OpenVAS
added 2016/06/30 12:0 a.m., 9 views

Riverbed SteelCentral NetProfiler & NetExpress Virtual Editions < 10.9.0 Multiple Vulnerabilities

The Riverbed SteelCentral NetProfiler and NetExpress virtual appliances are prone to multiple vulnerabilities.

CVSS 10 | AI score 7.4 | EPSS 0.01997
Exploits: 0 | References: 3
0day.today
added 2016/06/27 12:0 a.m., 48 views

Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities

Exploit for php platform in category web applications Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities Affected versions: SteelCentral NetProfiler = 10.8.7 & SteelCentral NetExpress = 10.8.7 PDF:...

AI score 7.1
Exploits: 0
hackapp
added 2016/06/21 7:3 a.m., 16 views

手机百度 - Dangerous filesystem permissions, Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application 手机百度 published at the 'play' market has multiple vulnerabilities...

AI score 0.5
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2016/06/20 1:59 a.m., 5 views

CVE-2016-2362

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection...

CVSS 9.8 | AI score 5.8 | EPSS 0.02465
Exploits: 0 | References: 1
NVD
added 2016/06/20 1:59 a.m., 12 views

CVE-2016-2362

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection...

CVSS 10 | AI score 9.4 | EPSS 0.02465
Exploits: 0 | References: 1
Prion
added 2016/06/20 1:59 a.m., 12 views

Hardcoded credentials

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection...

CVSS 10 | AI score 7.3 | EPSS 0.02465
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2016/06/20 1:59 a.m., 21 views

CVE-2015-8288

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

CVSS 5.9 | AI score 5.9 | EPSS 0.01892
Exploits: 0 | References: 2
Prion
added 2016/06/20 1:59 a.m., 21 views

Hardcoded credentials

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

CVSS 4.3 | AI score 7.4 | EPSS 0.01892
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2016/06/20 1:59 a.m., 15 views

Hardcoded credentials

The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

CVSS 5 | AI score 7.1 | EPSS 0.02283
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2016/06/20 1:0 a.m., 19 views

CVE-2016-2362

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection...

AI score 9.5 | EPSS 0.02465
Exploits: 0 | References: 1
Cvelist
added 2016/06/20 1:0 a.m., 40 views

CVE-2015-8288

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

AI score 6.1 | EPSS 0.01892
Exploits: 0 | References: 2
CVE
added 2016/06/20 1:0 a.m., 58 views

CVE-2015-8288

Netgear D6000 and D3600 routers running firmware 1.0.0.49 (and earlier) contain a hard-coded RSA private key and a hard-coded X.509 certificate/key pair, enabling remote attackers to bypass cryptographic protections, gain administrator access, perform man‑in‑the‑middle attacks, or decrypt passive...

CVSS 5.9 | AI score 6.3 | EPSS 0.01892
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2016/06/20 1:0 a.m., 23 views

CVE-2016-2364

The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

AI score 7.7 | EPSS 0.02283
Exploits: 0 | References: 1
CVE
added 2016/06/20 1:0 a.m., 38 views

CVE-2016-2362

Fonality (formerly trixbox Pro) 12.6–14.1i before 2016-06-01 contains a hardcoded FTP password, enabling remote attackers to log in via FTP or SSH and gain access as the ‘nobody’ user. Multiple sources (NVD entry CVE-2016-2362, related CNVD/CVE records, and CERT entries) corroborate that this vul...

CVSS 10 | AI score 9.4 | EPSS 0.02465
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2016/06/19 12:0 a.m., 2 views

Netgear D6000 and D3600 Hardcoded RSA Key Vulnerability

The Netgear D6000 and D3600 are wireless router products from American Netgear. The Netgear D6000 and D3600 device firmware uses hard-coded RSA keys, which allows remote attackers to exploit the vulnerability to conduct a man-in-the-middle attack with the keys, gain administrator access, and...

CVSS 5.9 | AI score 7 | EPSS 0.01892
Exploits: 0 | References: 1
appercut
added 2016/06/16 12:0 a.m., 541 views

WooCommerce plugin for WordPress: source code security analysis report

Several vulnerabilities were discovered in WooThemes 'WooCommerce plugin for WordPress' software: File System Path Manipulation Using Global Variables; Incorrect Newline Symbol Filtration in HTTP-response Headers; Hardcoded Credentials...

AI score 1.6
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2016/06/10 1:59 a.m., 22 views

CVE-2016-4328

MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct requests to the application database server...

CVSS 10 | AI score 9.2 | EPSS 0.03957
Exploits: 3 | References: 1