Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-8289
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and previous versions allows remote malicious users to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
Netgear D3600 Firmware 1.0.0.49
Netgear D6000 Firmware
NA
CVE-2005-2611
VERITAS Backup Exec for Windows Servers 8.6 up to and including 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 up to and including 5.1 uses a static password during authentication from the NDMP agent to the server, which allow...
Symantec Veritas Backup Exec Netware Servers 9.0.4170
Symantec Veritas Backup Exec Netware Servers 9.0.4172
Symantec Veritas Backup Exec Netware Servers 9.1.1152 .4
Symantec Veritas Backup Exec Netware Servers 9.1.1154
Symantec Veritas Backup Exec Windows Servers 8.6
Symantec Veritas Backup Exec Windows Servers 9.0
Symantec Veritas Backup Exec Windows Servers 9.1 Rev. 4691 Sp2
Symantec Veritas Backup Exec Remote Agent Netware Server
Symantec Veritas Netbackup Netware Media Servers 4.5 Fp5
Symantec Veritas Netbackup Netware Media Servers 4.5 Fp6
Symantec Veritas Netbackup Netware Media Servers 4.5 Mp5
Symantec Veritas Netbackup Netware Media Servers 4.5 Mp6
Symantec Veritas Netbackup Netware Media Servers 5.0 Mp4
Symantec Veritas Netbackup Netware Media Servers 5.0 Mp5
Symantec Veritas Netbackup Netware Media Servers 5.1
Symantec Veritas Backup Exec Netware Servers 9.1.1067 .2
Symantec Veritas Backup Exec Netware Servers 9.1.1067 .3
Symantec Veritas Backup Exec Netware Servers 9.1.1127 .1
Symantec Veritas Backup Exec Netware Servers 9.1.307
Symantec Veritas Backup Exec Windows Servers 10.0 Rev. 5484
Symantec Veritas Backup Exec Windows Servers 9.0 Rev. 4454
Symantec Veritas Backup Exec Windows Servers 9.0 Rev. 4454 Sp1
1 EDB exploit
9.8
CVSSv3
CVE-2019-13352
WolfVision Cynap prior to 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN pass...
Wolfvision Cynap
7.8
CVSSv3
CVE-2016-6434
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
Cisco Firepower Management Center 6.0.1
1 EDB exploit
9.8
CVSSv3
CVE-2021-33219
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
Commscope Ruckus Iot Controller
9.1
CVSSv3
CVE-2019-15304
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an malicious user to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermome...
Progradegrill Wifi Grilling Thermometer Firmware 1.00 50006
7.5
CVSSv3
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Crestron Airmedia Am-100 Firmware
1 EDB exploit
1 Github repository
8.4
CVSSv3
CVE-2018-0141
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local malicious user to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploi...
Cisco Prime Collaboration Provisioning 11.6
Cisco Prime Collaboration 11.6
Cisco Prime Collaboration Assurance 11.6
1 Article
NA
CVE-2012-1803
RuggedCom Rugged Operating System (ROS) 3.10.x and previous versions has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote malicious users to obtain access by performing a calculation on this address value, and th...
Siemens Ruggedcom Rugged Operating System
1 EDB exploit
7.8
CVSSv3
CVE-2022-42973
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions p...
Schneider-electric Apc Easy Ups Online Monitoring Software
Schneider-electric Easy Ups Online Monitoring Software
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »