3038 matches found
CVE-2021-41320
CVE-2021-41320 affects Wallstreet Suite TRM 7.4.83 (64-bit). The vulnerability arises from a technical user with higher privileges due to hardcoded credentials claim (vendor disputes this claim by noting the password can be changed during installation or later). Public risk detail is limited to c...
8x8: Hardcoded AWS credentials in ███████.msi
A hardcoded AWS access token was discovered within an MSI file available for download on the 8x8 site. The researcher was able to demonstrate access to 8x8 AWS infrastructure. The token was promptly restricted...
Hardcoded credentials
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details "details"...
Hardcoded credentials
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed CRLF control characters and include arbitrary SMTP headers in the generated test email...
Hardcoded credentials
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password...
Hardcoded credentials
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file...
Hardcoded credentials
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in...
CVE-2021-41828
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml...
CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
CVE-2021-41828
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml...
Hardcoded credentials
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
Hardcoded credentials
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml...
CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
CVE-2021-41827
CVE-2021-41827 affects Zoho ManageEngine Remote Access Plus prior to 10.1.2121.1. The issue is a hardcoded credential set for read-only access found in the source of the DCBackupRestore JAR archive, enabling potential unauthorized read access if exploited. Public references in the provided docume...
CVE-2021-41828
Zoho ManageEngine Remote Access Plus is affected by a hard-coded credentials issue tied to resetPWD.xml, exposed in versions before 10.1.2121.1. The vulnerability could allow unauthorized access via the trust management mechanism. Relevant connected documents corroborate hard-coded credentials in...
CVE-2021-41828
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml...
Hardcoded credentials
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...