CVE-2015-2903

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password...

Hardcoded credentials

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password...

CVE-2015-2903

The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password...

CVE-2015-2903

The CVE-2015-2903 issue affects HP ArcSight SmartConnectors, specifically the CWSAPI SOAP service, prior to version 7.1.6. The root cause is a hardcoded password used by the CWSAPI SOAP service, which can allow a remote attacker to obtain administrative access if the password is known. Impact des...

Qolsys IQ Panel Using Hardcoded Encryption Keys Vulnerability

Qolsys IQ Panel is an Android OS based touch screen controller for home automation devices and features. A security vulnerability exists in Qolsys IQ Panel versions prior to 1.5.1. A remote attacker can exploit the vulnerability to create a digital signature for code by cleverly constructing...

Hardcoded credentials

Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...

CVE-2015-6846

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations...

Hardcoded credentials

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations...

CVE-2015-6846

EMC SourceOne Email Supervisor prior to version 7.2 contains hardcoded encryption keys, enabling an attacker to gain access by inspecting cryptographic operations in the program. This CVE (CVE-2015-6846) is documented in multiple feeds (NVD, CVE listings) with a common description of hardcoded ke...

CVE-2015-7765

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...

Hardcoded credentials

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...

CVE-2015-7765

CVE-2015-7765 affects ManageEngine OpManager (11.5 build 11600 and earlier) and is rooted in a hardcoded IntegrationUser password: "plugin". The vulnerability allows remote authenticated users to obtain administrator access by leveraging this credential, enabling the exploitation of the applicati...

CVE-2015-7765

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password...

Hardcoded credentials

kernelcrashdump in Apport before 2.19 allows local users to cause a denial of service disk consumption or possibly gain privileges via a 1 symlink or 2 hard link attack on /var/crash/vmcore.log...

CVE-2015-3974

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a...

Hardcoded credentials

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a...

CVE-2015-3974

The CVE-2015-3974 entry concerns the EasyIO-30P-SF 32-bit controller that ships with hard-coded credentials. Affected firmware versions are before 0.5.21 and before 2.0.5.21, used across multiple OEM products. Root cause: use of a hard-coded password, enabling remote attackers to gain complete ac...

CVE-2015-3974

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a...

ADH-Web IP Camera Access Bypass

Advisory Information Title: ADH-Web Server IP-Cameras Improper Access Restrictions Date published: 2015-09-19 Date of last update: 2015-09-19 Vendors contacted: ADH-Web Author: Glaysson dos Santos Release mode: User release 2. Vulnerability Information Class: Information Exposure CWE-200 Impact:...

CVE-2015-6456

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password...