Hardcoded credentials

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

Airangel Hsmx Gateway Hardcoded Credentials Vulnerability

Airangel Hsmx Gateway is a platform from Airangel UK, Inc. A hard-coded credential vulnerability exists in versions of Airangel Hsmx Gateway prior to 5.2.04, which stems from the use of PostgreSQL database credentials hard-coded in the configuration file. An attacker could steal this credential t...

Hardcoded credentials

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device...

Hardcoded credentials

Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker...

Hardcoded credentials

Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials...

Hardcoded credentials

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...

Hardcoded credentials

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...

Hardcoded credentials

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side...

Hardcoded credentials

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

Hardcoded credentials

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS...

CVE-2021-41320

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded it can be changed during installation or at any later time...

CVE-2021-41320

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded it can be changed during installation or at any later time...

Hardcoded credentials

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user...

CVE-2021-41320

A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded it can be changed during installation or at any later time...

CVE-2021-41320

CVE-2021-41320 affects Wallstreet Suite TRM 7.4.83 (64-bit). The vulnerability arises from a technical user with higher privileges due to hardcoded credentials claim (vendor disputes this claim by noting the password can be changed during installation or later). Public risk detail is limited to c...

8x8: Hardcoded AWS credentials in ███████.msi

A hardcoded AWS access token was discovered within an MSI file available for download on the 8x8 site. The researcher was able to demonstrate access to 8x8 AWS infrastructure. The token was promptly restricted...

Hardcoded credentials

Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Hardcoded credentials

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details "details"...

Hardcoded credentials

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed CRLF control characters and include arbitrary SMTP headers in the generated test email...