CVE-2012-2567

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted 1 FTP or 2 HTTP session...

CVE-2012-2567

The CVE-2012-2567 entry refers to Xelex MobileTrack for Android (2.3.7 and earlier) that uses hardcoded credentials and transmits data over an insecure FTP/HTTP session, exposing potentially sensitive user data. Root cause: information exposure due to non-secure authentication/storage configurati...

Root Access Vulnerability on ZTE Android Device

Certain Android devices manufactured by the China-based ZTE Corporation contain a poorly protected setuid shell that can be used to gain root-access to vulnerable devices, according to Lookout Mobile Security. Any attacker who successfully exploits the vulnerability will have complete control of...

Hardcoded credentials

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby ASR before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document...

Hardcoded credentials

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

CVE-2012-0402

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

CVE-2012-0402

EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors...

CVE-2012-0402

CVE-2012-0402 affects EMC RSA enVision 4.x prior to 4.1 Patch 4, which uses unspecified hardcoded credentials that could allow a remote attacker to gain access via unknown vectors. The vulnerability is within RSA enVision’s authentication surface, with a CVSS Base Score of 9.3 (High) per NVD. Aff...

EMC RSA enVision multiple security vulnerabilities

Crossite scripting, SQL injection, directory traversal, hardcoded accounts, restrictions bypass...

ESA-2012-014: RSA enVision Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC Identifier:ESA-2012-014 CVE Identifiers: CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403 Severity Rating: CVSS Base Score: See below for scores for individual...

Hardcoded credentials

The Web Configuration tool in VMware vCenter Orchestrator vCO 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document...

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

CVE-2012-1288

The CVE refers to UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock devices that use hardcoded administrative credentials. The underlying issue is a hardcoded admin user/password that can be used to access the device via its web interface, enabling remote attackers to obtain access and potenti...

Hardcoded credentials

Multiple unspecified vulnerabilities in the 1 PrintFile and 2 SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document...

Hardcoded credentials

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

CVE-2011-4859

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...

Hardcoded credentials

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...

CVE-2011-4859

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...

CVE-2011-4859

CVE-2011-4859 concerns the Schneider Electric Quantum Ethernet Module family, where hard-coded credentials exist for 16 accounts (AUTCSE, AUT_CSE, fdrusers, ftpuser, loader, nic2212, nimrohs2212, nip2212, noe77111_v500, ntpupdate, pcfactory, sysdiag, target, test, USER, webserver). This enables r...