8175 matches found

CNNVD
added 2023/07/05 12:00 a.m. · 2 views

Loxone Miniserver Trust Management Issue Vulnerability

Loxone Miniserver is a server from Loxone, Inc. that automates equipment and homes in buildings and houses to provide energy management and monitoring. A security vulnerability exists in Loxone Miniserver Go Gen.2 versions prior to 14.2, which stems from the fact that root passwords are computed...

CVSS 7.8 · AI score 7.4 · EPSS 0.00035
Exploits 1 · References 3
Positive Technologies
added 2023/07/05 12:00 a.m. · 3 views

PT-2023-24899 · Ami · Ami Spx

Name of the Vulnerable Software and Affected Versions: AMI SPx (affected versions not specified). Description: The issue is related to a vulnerability in the BMC of AMI SPx, where a valid user can cause the use of hard-coded credentials. This may lead to a loss of confidentiality, integrity, and...

CVSS 8.8 · AI score 8.3 · EPSS 0.00164
Exploits 0 · References 4
VulnCheck KEV
added 2023/07/05 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2010-1573

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username Gemtek and password gemtekswd for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to a Debugcommandpage.asp...

CVSS 10 · AI score 7.6 · EPSS 0.11251
Exploits 1 · References 1
CNNVD
added 2023/07/05 12:00 a.m. · 3 views

AMI MegaRAC Trust Management Issue Vulnerability

AMI MegaRAC is a family of service processor products from AMI. It provides complete out-of-band or lights-out remote management of computer systems, independent of operating system state or location, to troubleshoot computers and ensure service continuity. A security vulnerability exists in AMI MegaRA...

CVSS 9.8 · AI score 8.4 · EPSS 0.00248
Exploits 0 · References 2
GithubExploit
added 2023/06/30 8:48 a.m. · 7 views

Exploit for Use of Hard-coded Credentials in Fortinet Fortianalyzer

Decrypt FortiManager configuration secrets CVE-2020-9289 CV...

CVSS 7.5 · AI score 6.1 · EPSS 0.72223
Exploits 1
NVD
added 2023/06/30 7:15 a.m. · 5 views

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVSS 5.5 · AI score 5 · EPSS 0.00036
Exploits 0 · References 3
OSV
added 2023/06/30 7:15 a.m. · 3 views

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVSS 5.5 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 3
Vulnrichment
added 2023/06/30 6:22 a.m. · 13 views

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

AI score 6.2 · EPSS 0.00036
Exploits 0 · References 3
Cvelist
added 2023/06/30 6:22 a.m. · 15 views

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

AI score 5.3 · EPSS 0.00036
Exploits 0 · References 3
CVE
added 2023/06/30 6:22 a.m. · 37 views

CVE-2023-28387

The CVE-2023-28387 entry concerns the NewsPicks mobile apps for Android (versions 10.4.5 and earlier) and iOS (versions 10.4.2 and earlier) that hard‑code credentials, enabling a local attacker to access app data and potentially obtain an API key for an external service. Affected components are t...

CVSS 5.5 · AI score 5 · EPSS 0.00036
Exploits 0 · References 3 · Affected Software 1
Japan Vulnerability Notes
added 2023/06/30 6:06 a.m. · 2 views

"NewsPicks" App uses a hard-coded API key for an external service

Overview: "NewsPicks" App for Android and "NewsPicks" App for iOS provided by NewsPicks, Inc. use a hard-coded API key for an external service (CWE-798). Sunagawa Masanori of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVSS 5.5 · AI score 6.4 · EPSS 0.00036
Exploits 0 · References 6
Japan Vulnerability Notes
added 2023/06/30 12:00 a.m. · 35 views

JVN#32739265: "NewsPicks" App uses a hard-coded API key for an external service

"NewsPicks" App for Android and "NewsPicks" App for iOS provided by NewsPicks, Inc. use a hard-coded API key for an external service (CWE-798). Impact: Data in the app may be analyzed and API key for an external service may be obtained. Note that the users of the app are not directly affected by thi...

CVSS 5.5 · AI score 5.1 · EPSS 0.00036
Exploits 0
Tenable Nessus
added 2023/06/30 12:00 a.m. · 30 views

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...

CVSS 7.5 · AI score 7.3 · EPSS 0.00285
Exploits 0 · References 4
CNNVD
added 2023/06/30 12:00 a.m. · 2 views

NewsPicks Trust Management Issue Vulnerability

NewsPicks is an economic news website from the Japanese company NewsPicks. A security vulnerability exists in NewsPicks version 10.4.5 and prior versions that stems from the application's use of hard-coded credentials...

CVSS 5.5 · AI score 5.1 · EPSS 0.00036
Exploits 0 · References 5
Positive Technologies
added 2023/06/30 12:00 a.m. · 4 views

PT-2023-21688 · Unknown · Newspicks App

Name of the Vulnerable Software and Affected Versions: NewsPicks App for Android versions 10.4.5 and earlier; NewsPicks App for iOS versions 10.4.2 and earlier. Description: The issue is related to hard-coded credentials in the NewsPicks App, which may allow a local attacker to analyze data in the...

CVSS 5.5 · AI score 5 · EPSS 0.00036
Exploits 0 · References 6
Tenable Nessus
added 2023/06/29 12:00 a.m. · 15 views

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Use of Hard-Coded Credentials (CVE-2018-7241)

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 10 · AI score 8.4 · EPSS 0.00552
Exploits 0 · References 4
CNNVD
added 2023/06/27 12:00 a.m. · 4 views

WordPress plugin EmbedPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 7.5 · AI score 7.8 · EPSS 0.00777
Exploits 0 · References 8
0day.today
added 2023/06/26 12:00 a.m. · 269 views

Nokia ASIKA 7.13.52 - Hard-coded private key disclosure Exploit

// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure // Exploit Author: Amirhossein Bahramizadeh // Category : Hardware // Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/ // Version: 7.13.52 REQUIRED // Tested on:...

CVSS 7 · AI score 7.1 · EPSS 0.00175
Exploits 4
Huntr
added 2023/06/22 10:11 p.m. · 30 views

Secret information exfiltration by hard coding twitter API keys

Description: Secret information used for API calls was embedded in the microweber source code. PoC: It's hardcoded in the source code below. - https://github.com/microweber/microweber/blob/master/userfiles/modules/twitterfeed/functions.php php $oauthaccesstoken =...

CVSS 5 · AI score 7.2 · EPSS 0.0033
Exploits 0 · References 3
Vulnrichment
added 2023/06/22 4:22 p.m. · 9 views

CVE-2023-2611 Advantech R-SeeNet Use of Hard-coded Credentials

Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users...

CVSS 9.8 · AI score 6.9 · EPSS 0.00109
Exploits 0 · References 1