Hardcoded credentials

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain...

Hardcoded credentials

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. T...

Hardcoded credentials

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information...

Hardcoded credentials

Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password ‘passw0rd’ if a password is not provided for PostgreSQL at install-time...

Hardcoded credentials

Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page...

Hardcoded credentials

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

Hardcoded credentials

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...

Hardcoded credentials

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...

Hardcoded credentials

homee Brain Cube v2 2.28.2 and 2.28.4 devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy...

Hardcoded credentials

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access...

Backdoor.Win32.Danton.43 Code Execution / Hardcoded Credentials

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/85f7ef2b6b8da9adb7723a13b91ac1c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Danton.43 Vulnerability: Weak Hardcoded Credentials RCE Description: The malware...

Hardcoded credentials

An issue was discovered in Smartstore aka SmartStoreNET through 4.1.1. Views/Boards/Partials/ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post...

Hardcoded credentials

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service e.g., disable access to the database after the attack stops via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...

Hardcoded credentials

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...

Hardcoded credentials

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory owned by a non-root user, a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem...

CVE-2021-20401

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075...

Hardcoded credentials

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075...

Hardcoded credentials

IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748...

CVE-2021-20401

IBM QRadar SIEM CVE-2021-20401 involves hard-coded credentials. Affected products are IBM QRadar SIEM versions 7.3 (7.3.0–7.3.3 Patch 7) and 7.4 (7.4.0–7.4.2 Patch 2). The underlying issue is use of hard-coded passwords or cryptographic keys for inbound authentication, outbound communication, or ...

CVE-2020-21995

Inim Electronics Smartliving SmartLAN/G/SI =6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system...