TOTOLINK A3100R Trust Management Issue Vulnerability
TOTOLINK A3100R is a series of wireless routers from China Gion Electronics TOTOLINK. TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to a trust management issue, which stems from the presence of a hardcoded password in the component /web cste/cgi-bin/product.ini wi...
CVE-2022-29645
TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample...
Hardcoded credentials
TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample...
TOTOLINK A3100R Trust Management Issue Vulnerability
TOTOLINK A3100R is a series of wireless routers from China Gion Electronics TOTOLINK. TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to a trust management issue, which stems from the presence of a hardcoded password in the component /web cste/cgi-bin/product.ini wi...
EUVD-2012-4305
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838...
GHSA-MV8G-FHH6-6267 Django user with hardcoded password created when running tests on Oracle
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...
Gitlab 14.9 Authentication Bypass
Exploit Title: Gitlab 14.9 - Authentication Bypass Date: 12/04/2022 Exploit Authors: Greenwolf & stacksmashing Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to...
Backdoor.Win32.Psychward.03.a Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/4b9a42ca1e65cf0a7febbe18f397ef24.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.03.a Vulnerability: Weak Hardcoded Password Description: The malware listen...
GitLab 14.7 < 14.7.7 / 14.8 < 14.8.5 / 14.9 < 14.9.2 (CVE-2022-1162)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2...
GitLab 14.7.x < 14.7.7, 14.8.x < 14.8.5, 14.9.x < 14.9.2 Hardcoded Password Vulnerability
GitLab is prone to a hardcoded password vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
CVE-2022-1162
A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...
UBUNTU-CVE-2022-1162
A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...
Hardcoded credentials
A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...
CVE-2022-1162
GitLab CVE-2022-1162 affects GitLab CE/EE versions 14.7 before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2. Root cause: a hardcoded password was set for accounts registered via OmniAuth providers (OAuth, LDAP, SAML), enabling potential account takeover. Impact: high-risk credential exposur...
CVE-2022-1162
Removed by vendor...
FreeBSD : Gitlab -- multiple vulnerabilities (8657eedd-b423-11ec-9559-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8657eedd-b423-11ec-9559-001b217b3468 advisory. - Incorrect authorization in the Asana integration's branch restriction feature in all version...
PT-2022-2064 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.7 prior to 14.7.7 GitLab CE/EE versions 14.8 prior to 14.8.5 GitLab CE/EE versions 14.9 prior to 14.9.2 Description: A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SA...
CVE-2022-25577
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data...