hard-coded vulnerabilities and exploits

(subscribe to this query)

An issue exists on WatchGuard AP100, AP102, and AP200 devices with firmware prior to 1.2.9.15, and AP300 devices with firmware prior to 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an malicious user to bypass validation o...

Watchguard Ap200 Firmware Watchguard Ap102 Firmware Watchguard Ap100 Firmware Watchguard Ap300 Firmware

The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the malicious user to learn the location of...

Mycarcontrols Mycar Controls

RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote malicious users to gain privileges via port 8022.

Riorey Rios 4.6.6 Riorey Rios 4.7.0

1 EDB exploit

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows malicious user to login to product instances wrongly configured.

The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate malicious users to trigger physical resource consumption (water or heat) or user discomfort.

Lixil My Satis Genius Toilet -

Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and previous versions due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to informat...

Jtekt Screen Creator Advance 2 Jtekt Screen Creator Advance 2 0.1.1.4

ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote malicious users to modify account information in the .htpasswd file via brute force password guessing.

Ibill Internet Billing Company Processing Plus

1 EDB exploit

Cisco IOS 12.2 up to and including 12.4 prior to 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allow...

Cisco Ios Cisco Ios 12.3(1a)Cisco Ios 12.3(2)ja Cisco Ios 12.3(2)ja5 Cisco Ios 12.3(2)jk Cisco Ios 12.3(2)jk1 Cisco Ios 12.3(2)t3 Cisco Ios 12.3(2)t8 Cisco Ios 12.3(2)xa4 Cisco Ios 12.3(2)xa5 Cisco Ios 12.3(2)xc1 Cisco Ios 12.3(2)xc2

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an u...

Siemens Logo!8 Bm Firmware

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices prior to 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote malicious users to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-20...

Harman Amx Firmware 1.2.322 Harman Amx Firmware 1.3.100

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook