3038 matches found
Hardcoded credentials
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...
CVE-2021-39245
CVE-2021-39245 affects Altus Nexto/NX and Hadron Xtorm devices (e.g., Nexto NX3003/3004/3005/3010/3020/3030, NX5100/5101, NX5110, NX5210, Nexto Xpress XP300/315/325/340, Hadron Xtorm HX3040) with 1.7.58.0–1.8.11.0 firmware. Root cause: hardcoded .htaccess credentials for getlogs.cgi enable unauth...
CVE-2021-39245
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability
======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm HX3040 Series vulnerable version: See "Vulnerable...
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm...
Hardcoded credentials
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...
CVE-2020-25565
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...
CVE-2020-25565
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...
CVE-2020-25560
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...
Hardcoded credentials
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...
Hardcoded credentials
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...
CVE-2020-25565
CVE-2020-25565 affects SapphireIMS 5.0. The issue is a hardcoded credential (username: sapphire, password: ims) that grants portal access. Once accessed, an attacker can inject malicious OS commands via the server-side functions for ping, traceroute, and snmp, enabling code execution on the serve...
CVE-2020-25560
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...
CVE-2020-25560
CVE-2020-25560 affects SapphireIMS 5.0. The vulnerability arises from hardcoded credentials (username: sapphire, password: ims) that allow unauthenticated access to the portal. Once access is gained, an attacker can inject OS commands via the server-side functions for ping, traceroute, and SNMP, ...
Tecknodreams SapphireIMS 操作系统命令注入漏洞
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. Tecknodreams SapphireIMS 5.0 suffers from an operating system command injection vulnerability that originates in SapphireIMS 5.0, where hardcoded credentials username: sapphire,...
Hardcoded credentials
QNAP FVioCard 2312 and FVioGate 2308 have hardcoded entries in authorizedkeys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models...
Hardcoded credentials
Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...
CVE-2021-27952
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...
Hardcoded credentials
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...