3032 matches found
Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization
Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities. Please find a text-only version below sent to security mailing lists. The complete version on...
Allsafe - Intentionally Vulnerable Android Application
Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges...
Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization
Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities in Dell OpenManage Enterprise" is posted here: https://pierrekim.github.io/blog/2021-07-19-dell-openmanage-enterprise-0day-vulnerabilities.html === text-version of the...
Hardcoded credentials
UNSUPPORTED WHEN ASSIGNED KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Hardcoded credentials
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in...
CVE-2021-0279
Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...
CVE-2021-0279
Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...
Hardcoded credentials
Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...
CVE-2021-0279 Contrail Cloud: Hardcoded credentials for RabbitMQ service
Juniper Networks Contrail Cloud CC releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative...
CVE-2021-0279
CVE-2021-0279 concerns Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0, where the RabbitMQ service is enabled by default and uses hardcoded credentials. The result is that an attacker who can access the RabbitMQ administrative interface (for example, the GUI) may cause a Denial of S...
Hardcoded credentials
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...
Hardcoded credentials
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
QSAN Storage Manager Hardcoded Credentials Vulnerability
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A hard-coded credentials vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and prior versions. An attacker can exploit this vulnerability to open the control interface via the...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
Hardcoded credentials
The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred vulnerability has been...
Hardcoded credentials
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...
Hardcoded credentials
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in cominstaller lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for cominstaller is limited to super users already...
Hardcoded credentials
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can...
Hardcoded credentials
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...
Synology Calendar 信任管理问题漏洞
Synology Calendar is a file protection program from Synology Inc. of Taiwan, China that runs on Synology NAS Network Storage Server devices. A trust management issue vulnerability exists in Synology Calendar prior to version 2.4.0-0761, which stems from the use of hardcoded credentials in the php...