hardcoded vulnerabilities and exploits

10
CVSSv2
CVE-2018-6387

iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account....

5.4
CVSSv2
CVE-2016-8754

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH....

7.5
CVSSv2
CVE-2007-2032

Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID...

7.5
CVSSv2
CVE-2015-4667

Multiple hardcoded credentials in Xsuite 2.x....

XceediumXsuite
5
CVSSv2
CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing...

10
CVSSv2
CVE-2002-0537

The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS....

7.2
CVSSv2
CVE-2017-3762

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local...

LenovoFingerprint Manager Pro
10
CVSSv2
CVE-2017-16844

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different...

Procmail
7.5
CVSSv2
CVE-2014-3618

Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."...

ProcmailCanonicalUbuntu Linux
7.5
CVSSv2
CVE-2018-13342

The server API in the Anda app relies on hardcoded credentials....