
7547 matches found

Cvelist
added 2015/02/02 4:0 p.m. | 27 views

CVE-2015-1453

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...

AI score: 6.4 | EPSS: 0.00774
Exploits: 1 | References: 3

CVE
added 2015/02/02 4:0 p.m. | 40 views

CVE-2015-1453

CVE-2015-1453 affects Fortinet FortiClient for Android 5.2.3.091, where the qm class uses a hardcoded encryption key (FoRtInEt!AnDrOiD). This enables an attacker to decrypt data stored in Shared Preferences and potentially obtain passwords or other sensitive data. The available sources describe t...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00774
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2015/01/27 7:59 p.m. | 16 views

CVE-2014-9198

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVSS: 10 | AI score: 6.7 | EPSS: 0.04193
Exploits: 0 | References: 4

Prion
added 2015/01/27 7:59 p.m. | 17 views

Hardcoded credentials

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVSS: 10 | AI score: 7.3 | EPSS: 0.04193
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2015/01/27 11:0 a.m. | 53 views

CVE-2014-9198

The CVE-2014-9198 vulnerability affects Schneider Electric’s ETG3000 FactoryCast HMI Gateway (firmware up to version 1.60 IR 04). The issue is a design flaw in the FTP server that relies on hardcoded/default credentials, enabling remote attackers to access the FTP service and potentially disclose...

CVSS: 10 | AI score: 7 | EPSS: 0.04193
Exploits: 0 | References: 4 | Affected Software: 5

Cvelist
added 2015/01/27 11:0 a.m. | 19 views

CVE-2014-9198 Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded Credentials

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVSS: 10 | AI score: 6.7 | EPSS: 0.04193
Exploits: 0 | References: 1

NVD
added 2015/01/08 3:59 p.m. | 14 views

CVE-2014-9576

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access...

CVSS: 5 | AI score: 6.9 | EPSS: 0.02287
Exploits: 1 | References: 3

Prion
added 2015/01/08 3:59 p.m. | 17 views

Hardcoded credentials

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access...

CVSS: 5 | AI score: 7.4 | EPSS: 0.02287
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2015/01/08 3:0 p.m. | 15 views

CVE-2014-9576

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access...

AI score: 6.9 | EPSS: 0.02287
Exploits: 1 | References: 3

CVE
added 2015/01/08 3:0 p.m. | 38 views

CVE-2014-9576

CVE-2014-9576 affects VDG Security SENSE (formerly DIVA) version 2.3.13. The vulnerability arises from hardcoded credentials: ArpaRomaWi for the root Postgres account, and !DVService for the postgres and NTP Windows user accounts, enabling remote access for an attacker. Exploitation details are n...

CVSS: 5 | AI score: 7.1 | EPSS: 0.02287
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2014/12/28 3:59 p.m. | 21 views

Hardcoded credentials

The HashContext class in hphp/runtime/ext/exthash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string,...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01681
Exploits: 0 | References: 2 | Affected Software: 1

ThreatPost
added 2014/12/19 10:10 a.m. | 23 views

Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines

Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and...

AI score: 1.7
Exploits: 0 | References: 1

Packet Storm
added 2014/12/19 12:0 a.m. | 54 views

VDG Security SENSE 2.3.13 File Disclosure / Bypass / Buffer Overflow

SEC Consult Vulnerability Lab Security Advisory. title: Multiple critical vulnerabilities; product: VDG Security SENSE formerly DIVA; vulnerable version: 2.3.13; fixed version: unknown - no vendor confirmation; impact: critical...

AI score: 7.4
Exploits: 0

0day.today
added 2014/11/12 12:0 a.m. | 19 views

ZTE 831CII Multiple Vulnerablities

Exploit for hardware platform in category web applications. Exploit Title: ZTE 831CII Multiple Vulnerablities; Date: 11/3/2014; Exploit Author: Paulos Yibelo; Vendor Homepage: zte.com.cn; Software Link: -; Version: -; Tested on: Windows 7; CVE: -. Hardcoded default misconfiguration - The modem comes with...

AI score: 7.1
Exploits: 0

securityvulns
added 2014/11/10 12:0 a.m. | 73 views

ZTE 831CII Multiple Vulnerablities

Hardcoded default misconfiguration - The modem comes with admin:admin user credentials. Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSubnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280%29;//&enblUpnp=1&enblLan2=0 Any user browsing to...

AI score: 0.2
Exploits: 0

Packet Storm
added 2014/11/07 12:0 a.m. | 46 views

ZTE 831CII Hardcoded Credential / XSS / CSRF

Hardcoded default misconfiguration - The modem comes with admin:admin user credentials. Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSubnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280%29;//&enblUpnp=1&enblLan2=0 Any user browsing to...

CVSS: 10 | AI score: 6.5 | EPSS: 0.03638
Exploits: 4

Packet Storm
added 2014/11/05 12:0 a.m. | 37 views

Softing FG-100 PB Hardcoded Backdoor

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB; Vendor: Softing AG www.softing.com; CVD ID: CVE-2014-6617; Subject: Backdoor Account; Risk: High; Effect: Remotely exploitable; Author: Ingmar Rosenhagen, Daniel Marzin, Johannes Klick; Date: 05.11.2014...

CVSS: 8.1 | AI score: 0.1 | EPSS: 0.04543
Exploits: 2

Prion
added 2014/10/21 10:55 a.m. | 15 views

Hardcoded credentials

The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2014/10/20 10:55 a.m. | 14 views

Hardcoded credentials

The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00266
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2014/10/19 1:55 a.m. | 17 views

CVE-2014-5420

CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors...

CVSS: 3.5 | AI score: 6.2 | EPSS: 0.00926
Exploits: 0 | References: 1