3032 matches found

Patchstack
added 2024/07/09 7:46 a.m. · 3 views

WordPress WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin <= 1.0.1 - Improper Authorization due to use of Hardcoded Credentials vulnerability

Improper Authorization due to use of Hardcoded Credentials vulnerability discovered by Lucio Sá in WordPress Plugin WP2Speed Faster versions <= 1.0.1...

CVSS 5.3 · AI score 7 · EPSS 0.00444
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/07/09 7:15 a.m. · 20 views

CVE-2024-28751

A high privileged remote attacker can enable telnet access that accepts hardcoded credentials...

CVSS 9.1 · EPSS 0.00592
Exploits: 0 · References: 1

Vulnrichment
added 2024/07/09 7:11 a.m. · 17 views

CVE-2024-28751 ifm: Hardcoded telnet credentials in Smart PLC

A high privileged remote attacker can enable telnet access that accepts hardcoded credentials...

CVSS 9.1 · AI score 6.3 · EPSS 0.00592
Exploits: 0 · References: 1

CVE
added 2024/07/09 7:11 a.m. · 48 views

CVE-2024-28751

CVE-2024-28751 affects ifm electronic Smart PLC AC14xx and AC4xxS (versions 4.3.17 and earlier per CNVD/CVE records). The issue is a trust management vulnerability enabling a remote, high-privilege attacker to enable telnet access with hardcoded credentials. Impact described as remote, unauthenti...

CVSS 9.1 · AI score 6.3 · EPSS 0.00592
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-37173 · WordPress · Wp2Speed Faster – Optimize Pagespeed Insights Score

Name of the Vulnerable Software and Affected Versions: WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests. This allows...

CVSS 5.3 · AI score 7 · EPSS 0.00444
Exploits: 0 · References: 10

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-22560 · Ifm · Smart Plc Ac14Xx Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A high privileged remote attacker can enable telnet access that accepts hardcoded credentials. Recommendations: At the moment, there is no information...

CVSS 9.1 · AI score 6.9 · EPSS 0.00592
Exploits: 0 · References: 8

OSV
added 2024/07/02 8:15 a.m. · 1 views

CVE-2023-41919

Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access...

CVSS 9.8 · AI score 5.8 · EPSS 0.00421
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/02 12:0 a.m. · 2 views

PT-2024-13010 · Kiloview · P1/P2 +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access. Recommendations: At the moment, there is no...

CVSS 9.8 · AI score 7.1 · EPSS 0.00421
Exploits: 0 · References: 3

NVD
added 2024/06/27 8:15 p.m. · 11 views

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

CVSS 9.8 · EPSS 0.00581
Exploits: 0 · References: 2

Vulnrichment
added 2024/06/27 12:0 a.m. · 13 views

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

AI score 7.3 · EPSS 0.00581
Exploits: 0 · References: 2

Cvelist
added 2024/06/27 12:0 a.m. · 17 views

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

EPSS 0.00581
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/27 12:0 a.m. · 4 views

PT-2024-28388 · Unknown · Luci-App-Lucky

Name of the Vulnerable Software and Affected Versions: luci-app-lucky version 2.8.3 Description: The issue is related to hardcoded credentials in the software. Recommendations: For luci-app-lucky version 2.8.3, update to a version where the hardcoded credentials issue is resolved, if available. A...

CVSS 9.8 · AI score 6.9 · EPSS 0.00581
Exploits: 0 · References: 3

CVE
added 2024/06/27 12:0 a.m. · 44 views

CVE-2024-39208

CVE-2024-39208 affects luci-app-lucky v2.8.3 and stems from hardcoded credentials in the software. Public sources (NVD, Red Hat, CNNVD, CVE listing) assign a high impact with CVSS v3.1 base score 9.8 (Network attack, no user interaction, privileges NONE, scope UNCHANGED; Confidentiality/Integrity...

CVSS 9.8 · AI score 7.4 · EPSS 0.00581
Exploits: 0 · References: 2

Packet Storm
added 2024/06/25 12:0 a.m. · 461 views

Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password

SEC Consult Vulnerability Lab Security Advisory. Title: Multiple Vulnerabilities allowing complete bypass; product: Faronics WINSelect Standard + Enterprise; vulnerable version: 8.30.xx.903; fixed version: 8.30.xx.903; CVE number:...

AI score 7 · EPSS 0.00693
Exploits: 1

Cvelist
added 2024/06/24 9:4 a.m. · 17 views

CVE-2024-36496 Hardcoded Credentials

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC...

EPSS 0.00693
Exploits: 1 · References: 3

Vulnrichment
added 2024/06/24 9:4 a.m. · 20 views

CVE-2024-36496 Hardcoded Credentials

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC...

AI score 7 · EPSS 0.00693
Exploits: 1 · References: 3

Zero Day Initiative
added 2024/06/21 12:0 a.m. · 22 views

(Pwn2Own) Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command...

CVSS 6.5 · AI score 7.2 · EPSS 0.00813
Exploits: 0

Positive Technologies
added 2024/06/21 12:0 a.m. · 6 views

PT-2024-20201 · Autel · Autel Maxicharger Ac Elite Business C50

Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 affected versions not specified Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations...

CVSS 8.8 · AI score 7 · EPSS 0.00813
Exploits: 0 · References: 4

Zero Day Initiative
added 2024/06/18 12:0 a.m. · 27 views

PaperCut NG VendorKeys Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a VendorKeys object. The issue results from the use of hard-coded...

CVSS 8.2 · AI score 7.2 · EPSS 0.00445
Exploits: 0 · References: 1

NVD
added 2024/06/14 3:15 p.m. · 15 views

CVE-2024-34539

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully log in to the mail or webmail server. These credentials can also be used to log in to the administration panel and to perform privileged actions...

CVSS 9.4 · EPSS 0.00517
Exploits: 0 · References: 1