Emerson DeltaV Credentials Management Errors (CVE-2014-2350)

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. This plugin only works with Tenable.ot. Please visit...

Emerson OSE Credentials Management Errors (CVE-2013-0694)

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...

Hardcoded credentials

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

Hardcoded credentials

This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...

Hardcoded credentials

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APPKEY value, leading to pre-auth remote code execution...

CVE-2020-36064

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...

CVE-2020-36064

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...

CVE-2020-36064

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...

Hardcoded credentials

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...

CVE-2020-36064

Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...

CVE-2020-36064

Online Course Registration v1.0 is affected by hardcoded credentials in the source code, enabling attackers to access the control panel if credentials are exposed. The CVE description and linked sources confirm this root cause and impact. No remediation or patched version is provided in the avail...

Hardcoded credentials

Requests may be used to interrupt the normal operation of the device. When exploited, Fresenius Kabi Agilia Link+ version 3.0 must be rebooted via a hard reset triggered by pressing a button on the rack system...

Hardcoded credentials

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code...

Backdoor.Win32.Wollf.16 Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Credentials Description: The malware runs wit...

Hardcoded seed phrase in sherlock-v2-core repo

Handle cryptphi Vulnerability details Impact The hardcoded mnemonic can lead to account compromise. Proof of Concept There exists hardcoded credentials in line This credentials can be used to takeover the wallet address used. Tools Used Github Recommended Mitigation Steps Avoid hardcoding...

Hardcoded credentials

Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

Hardcoded credentials

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

Hardcoded credentials

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...

Hardcoded credentials

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...