
3033 matches found

Prion
added 2023/08/23 8:15 p.m. · 19 views

Hardcoded credentials

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential...

CVSS 4 · AI score 6.3 · EPSS 0.00168
Exploits 0 · References 1 · Affected Software 87

Prion
added 2023/08/22 7:16 p.m. · 15 views

Hardcoded credentials

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet...

CVSS 5 · AI score 7.3 · EPSS 0.00687
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/08/21 1:15 a.m. · 21 views

Hardcoded credentials

N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service...

CVSS 7.5 · AI score 9.6 · EPSS 0.00535
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/08/16 4:15 p.m. · 15 views

Hardcoded credentials

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability which poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate...

CVSS 7.5 · AI score 9.3 · EPSS 0.00337
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/08/16 11:15 a.m. · 26 views

Hardcoded credentials

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected...

CVSS 5 · AI score 7.4 · EPSS 0.00575
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/08/14 5:15 a.m. · 23 views

CVE-2023-3265

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this...

CVSS 9.8 · AI score 9.7 · EPSS 0.01509
Exploits 0 · References 1

Prion
added 2023/08/14 5:15 a.m. · 32 views

Hardcoded credentials

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVSS 7.5 · AI score 9.6 · EPSS 0.00469
Exploits 0 · References 1 · Affected Software 23

Prion
added 2023/08/14 4:15 a.m. · 17 views

Hardcoded credentials

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVSS 4 · AI score 6.8 · EPSS 0.0032
Exploits 1 · References 1 · Affected Software 22

Prion
added 2023/08/11 8:15 p.m. · 18 views

Hardcoded credentials

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...

CVSS 5 · AI score 7.5 · EPSS 0.01131
Exploits 2 · References 4 · Affected Software 6

Prion
added 2023/08/11 8:15 p.m. · 28 views

Hardcoded credentials

An issue was discovered in libacdes3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root passwor...

CVSS 5 · AI score 7.5 · EPSS 0.01131
Exploits 2 · References 4 · Affected Software 6

Prion
added 2023/08/11 3:15 a.m. · 10 views

Hardcoded credentials

Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 1.7 · AI score 5.2 · EPSS 0.00156
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/08/09 9:15 a.m. · 12 views

Hardcoded credentials

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3...

CVSS 7.5 · AI score 9.5 · EPSS 0.0064
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/08/09 7:15 a.m. · 35 views

Hardcoded credentials

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

CVSS 3.3 · AI score 5.1 · EPSS 0.00339
Exploits 0 · References 1 · Affected Software 6

Positive Technologies
added 2023/08/08 12:0 a.m. · 3 views

PT-2023-4529 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10 Description: The issue is related to the use of hardcoded credentials in the web panels for managing and monitoring processes in industrial systems. An authenticated, remote...

CVSS 7.2 · AI score 6.9 · EPSS 0.00441
Exploits 0 · References 7

Prion
added 2023/07/27 9:15 p.m. · 14 views

Hardcoded credentials

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password PIN: 385521, 843646, and 592671...

CVSS 7.5 · AI score 9.4 · EPSS 0.00828
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/07/26 8:15 a.m. · 16 views

Hardcoded credentials

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions...

CVSS 5 · AI score 7.5 · EPSS 0.0299
Exploits 0 · References 2 · Affected Software 11

Prion
added 2023/07/24 2:15 p.m. · 14 views

Hardcoded credentials

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

CVSS 6.5 · AI score 8.5 · EPSS 0.00859
Exploits 1 · References 2 · Affected Software 1

Prion
added 2023/07/21 4:15 a.m. · 19 views

Hardcoded credentials

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through...

CVSS 7.5 · AI score 9.4 · EPSS 0.00347
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/07/19 4:15 p.m. · 12 views

Hardcoded credentials

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details:...

CVSS 4 · AI score 6.3 · EPSS 0.0083
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/07/19 4:15 p.m. · 15 views

Hardcoded credentials

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details:...

CVSS 4 · AI score 6.3 · EPSS 0.00625
Exploits 0 · References 3 · Affected Software 1