8175 matches found
CVE-2024-9138
Moxa CVE-2024-9138 affects cellular routers, secure routers, and network security appliances. A hard-coded credential flaw enables an authenticated user to escalate to root-level access, per multiple sources. Impact can include system compromise, unauthorized modifications, data exposure, or serv...
CVE-2024-9138 Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a...
PT-2025-1200 · Moxa · Edr-G9010 +9
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 versions prior to the fixed version; Moxa EDR-8010 versions prior to the fixed version; Moxa EDR-G902 versions prior to the fixed version; Moxa EDR-G903 versions prior to the fixed version; Moxa EDR-G9004 versions prior to the fixed...
ABB Cylon Aspect 3.08.03 Hardcoded Secrets Vulnerability
ABB Cylon Aspect version 3.08.03 contains multiple instances of hardcoded credentials, including usernames, passwords, and encryption keys embedded in various Java classes. This practice poses significant security risks, allowing attackers to gain unauthorized access and compromise the system's...
Fortinet FortiClient 7.0.x < 7.0.14 / 7.2.x < 7.2.7 / 7.4.x < 7.4.2 Information Disclosure (FG-IR-23-278)
The version of Fortinet FortiClient running on the remote host is prior to 7.0.14, 7.2.7, or 7.4.2. It is, therefore, affected by an information disclosure vulnerability due to the use of a hard-coded cryptographic key to encrypt security-sensitive data in configuration. An attacker with access...
Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability
Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel...
Dell RecoverPoint for Virtual Machines Trust Management Issue Vulnerability
Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. for virtualized applications in VMware environments. A trust management issue vulnerability exists in Dell RecoverPoint for Virtual Machines version 6.0 SP1 and version 6.0 SP1...
CVE-2024-4996
Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same across all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90....
Asseco Business Solutions Wapro ERP Security Vulnerability
Asseco Business Solutions Wapro ERP is an enterprise-oriented ERP software from Asseco Business Solutions, Poland. A security vulnerability exists in Asseco Business Solutions Wapro ERP versions prior to 8.90.0, which stems from a hard-coded password for the database administrator account created...
PT-2024-33801
Name of the Vulnerable Software and Affected Versions: Wapro ERP Desktop versions prior to 8.90.0. Description: The issue involves the use of a hard-coded password for a database administrator account created during Wapro ERP installation. This allows an attacker to retrieve embedded sensitive dat...
Trellix Data Loss Prevention Security Vulnerability
Trellix Data Loss Prevention (Trellix DLP) is a data loss prevention solution from the American company FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. A security vulnerability exists in Trellix Data Loss Prevention (Trellix DLP) version...
Weasis Security Vulnerability
Weasis is an open source DICOM medical image viewer, mainly used to visualize images obtained from medical imaging devices. A key disclosure vulnerability exists in Weasis version 4.5.1, which stems from having a hard-coded key for symmetric encryption of proxy credentials in...
CVE-2024-48007
Dell RecoverPoint for Virtual Machines 6.0.x contains a use of hard-coded credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to...
CVE-2024-48007
CVE-2024-48007 affects Dell RecoverPoint for Virtual Machines, version 6.0.x. The vulnerability stems from hard-coded credentials in the software, enabling a remote, unauthenticated attacker to access secrets and, consequently, unauthorized data. Documents consistently describe the impact as enab...
PT-2024-9593 · Dell · Dell Recoverpoint For Virtual Machines
Name of the Vulnerable Software and Affected Versions: Dell RecoverPoint for Virtual Machines version 6.0.x. Description: The issue is related to the use of hard-coded credentials in the software. A remote unauthenticated attacker could exploit this by gaining access to the source code, easily...
CVE-2024-28146
The application uses several hard-coded credentials to encrypt config files during backup and to decrypt the new firmware during an update, and some passwords allow a direct connection to the database server of the affected device...
CVE-2024-28146
CVE-2024-28146 affects Image Access Scan2Net software. The issue arises from hard-coded credentials used to (1) encrypt configuration files during backups, (2) decrypt firmware during updates, and (3) passwords that allow a direct connection to the device’s database server. Public records from mu...