mySCADA myPro Hard-coded Telnet Password (CVE-2024-4708

Binary data myscadamyprocve-2024-4708.nbin...

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment...

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance ASA that could lead to a denial-of-service DoS condition. The vulnerability, tracked as CVE-2024-20481 CVSS score: 5.8, affects the Remote Access VPN RAVPN service of...

IBM Maximo Application Suite 安全漏洞

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A security vulnerability exists in IBM Maximo Application Suite-Monitor Component, which stems from the...

Neye3C 安全漏洞

Neye3C is an application from Neye3C that connects to cloud cameras and DVRs by logging into the cloud. A security vulnerability exists in Neye3C version v4.5.2.0 that stems from the inclusion of hard-coded encryption keys in the firmware update mechanism...

CVE-2024-20412

A vulnerability in Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded...

CVE-2024-20412

A vulnerability in Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded...

CVE-2024-20412

A vulnerability in Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded...

CVE-2024-20412

Cisco Firepower Threat Defense (FTD) Software on Firepower 1000, 2100, 3100, and 4200 Series contains static accounts with hard-coded passwords, enabling an unauthenticated, local attacker to access the CLI with those credentials. A successful exploit could allow data access, limited troubleshoot...

CVE-2024-5764

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

CVE-2024-5764

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

CVE-2024-5764

CVE-2024-5764 affects Nexus Repository 3.x (3.0.0–3.72.0). It arises from a static hard-coded encryption passphrase used by the PasswordCipher to encrypt secrets in the Nexus configuration database (SMTP/HTTP proxy credentials, tokens, etc.). An administrator could set an alternate passphrase at ...

CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...

Sonatype Nexus Repository 安全漏洞

Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.72.0 that stems from the use of hard-coded credentials...

Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

Overview AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-31408 Insufficiently protected credentials...

Remote Code Execution via Pickle Deserialization with Hard-Coded AuthKey in RPC Server

Description RagFlow implements an RPC server using Python's native multiprocessing package. It fully understands the use of AuthKey to access and control the group communication when applying multiprocessing for network conditions via socket, but the current implementation hard-coded the AuthKey ...

CVE-2024-4740

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data...

CVE-2024-4740

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data...