3038 matches found

CVE
added 2024/05/30 5:22 p.m. · 96 views

CVE-2024-2420

Summary: CVE-2024-2420 affects LenelS2 NetBox access control and event monitoring system. A hard-coded credential vulnerability in versions prior to and including 5.6.1 allows an attacker to bypass authentication. Affected product/versions are LenelS2 NetBox

CVSS 9.8 · AI score 7.4 · EPSS 0.00505
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/05/24 4:25 p.m. · 25 views

CVE-2024-36049

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...

AI score 6.2 · EPSS 0.00452
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/24 4:25 p.m. · 12 views

CVE-2024-36049

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...

AI score 6.6 · EPSS 0.00452
Exploits: 0 · References: 1

CVE
added 2024/05/24 4:25 p.m. · 74 views

CVE-2024-36049

Aptos Wisal Payroll Accounting prior to version 7.1.6 is affected by a vulnerability where the Windows client uses hardcoded credentials to fetch the full list of usernames and passwords from the database over an unencrypted connection. This enables a machine-in-the-middle attacker to read and wr...

CVSS 6.5 · AI score 6.4 · EPSS 0.00452
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/24 12:0 a.m. · 3 views

PT-2024-26862 · Aptos +1 · Aptos Wisal Payroll Accounting +1

Name of the Vulnerable Software and Affected Versions: Aptos Wisal payroll accounting versions prior to 7.1.6
Description: The issue allows attackers in a machine-in-the-middle position to gain read and write access to personally identifiable information (PII) and payroll data. It also enables them...

CVSS 6.5 · AI score 7.2 · EPSS 0.00452
Exploits: 0 · References: 3

Patchstack
added 2024/05/23 10:21 a.m. · 2 views

WordPress Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.22.6 - Hardcoded Credentials vulnerability

Hardcoded Credentials vulnerability discovered by Lucio Sá in WordPress Plugin Atarim versions <= 3.22.6...

CVSS 7.5 · AI score 7 · EPSS 0.00494
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/05/23 7:15 a.m. · 20 views

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/23 6:46 a.m. · 11 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00494
Exploits: 0 · References: 3

CVE
added 2024/05/23 6:46 a.m. · 113 views

CVE-2024-2038

CVE-2024-2038 affects the Visual Website Collaboration, Feedback & Project Management – Atarim WordPress plugin. The vulnerability arises from hardcoded credentials used to authenticate all incoming API requests, enabling unauthorized access. Exploitation allows unauthenticated attackers to modif...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits: 0 · References: 3

Cvelist
added 2024/05/23 6:46 a.m. · 20 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 · AI score 7.6 · EPSS 0.00494
Exploits: 0 · References: 3

Positive Technologies
added 2024/05/23 12:0 a.m. · 4 views

PT-2024-18654 · WordPress · Atarim

Name of the Vulnerable Software and Affected Versions: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress versions up to, and including, 3.22.6
Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests...

CVSS 7.5 · AI score 6.9 · EPSS 0.00494
Exploits: 0 · References: 5

NVD
added 2024/05/16 7:15 a.m. · 22 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 · AI score 7.5 · EPSS 0.00234
Exploits: 0 · References: 1

Cvelist
added 2024/05/16 6:19 a.m. · 23 views

CVE-2024-4844

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...

CVSS 7.5 · AI score 7.7 · EPSS 0.00234
Exploits: 0 · References: 1

CVE
added 2024/05/16 6:19 a.m. · 48 views

CVE-2024-4844

CVE-2024-4844 concerns Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2. The issue is a hardcoded credential in the keystore, allowing an attacker with admin privileges on the ePO server to read the orion.keystore contents and access the ePO database encryption ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00234
Exploits: 0 · References: 1

CNVD
added 2024/05/16 12:0 a.m. · 4 views

Siemens SIMATIC CN 4100 Hardcoded Credential Vulnerability

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. A security vulnerability exists in the Siemens SIMATIC CN 4100 due to an affected device containing undocumented users and credentials. An attacker could exploit the vulnerability to misuse the credentials to compromise th...

CVSS 9.8 · AI score 6.8 · EPSS 0.00703
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/16 12:0 a.m. · 4 views

PT-2024-33110 · Trellix · Trellix Epolicy Orchestrator

Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator (ePO) on Premise versions prior to 5.10 Service Pack 1 Update 2
Description: A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file,...

CVSS 7.5 · AI score 7.3 · EPSS 0.00234
Exploits: 0 · References: 3

CVE
added 2024/05/15 7:17 p.m. · 43 views

CVE-2024-34025

CVE-2024-34025 affects CyberPower PowerPanel Business software. The vulnerability stems from a hard-coded set of authentication credentials in the PowerPanel business application code, which could allow an attacker to bypass authentication and gain administrator privileges (CVSS v3.1 base 9.8). A...

CVSS 9.8 · AI score 7.1 · EPSS 0.00564
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2024/05/14 12:39 p.m. · 13 views

CVE-2023-26566

Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...

CVSS 8.6 · AI score 6.8 · EPSS 0.00712
Exploits: 0 · References: 1

Cvelist
added 2024/05/10 4:14 p.m. · 25 views

CVE-2023-26566

Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credentials for the Asterisk REST Interface (ARI), which allows remote attackers to reconfigure Asterisk and make external and internal calls via HTTP and WebSocket requests sent to the API...

AI score 7 · EPSS 0.00712
Exploits: 0 · References: 1

CVE
added 2024/05/10 4:14 p.m. · 70 views

CVE-2023-26566

CVE-2023-26566 affects Sangoma FreePBX 1805–2203 on Linux, with hardcoded Asterisk REST Interface (ARI) credentials. This enables remote attackers to reconfigure Asterisk and place calls via ARI endpoints over HTTP and WebSocket. The connected sources note the issue and provide remediation guidan...

CVSS 8.6 · AI score 7.1 · EPSS 0.00712
Exploits: 0 · References: 1