8175 matches found
CVE-2023-2611 Advantech R-SeeNet Use of Hard-coded Credentials
Advantech R-SeeNet version 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users...
Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites
A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that's installed on more than 30,000 websites. "This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically...
PT-2023-3302 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.22 Description: The issue is related to the use of hard-coded credentials in Advantech R-SeeNet. This allows a remote attacker to exploit the vulnerability and gain elevated privileges. The software comes with a...
Nokia ASIKA 7.13.52 Private Key Disclosure
// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure // Date: 2023-06-20 // Exploit Author: Amirhossein Bahramizadeh // Category : Hardware // Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/ // Version: 7.13.52...
CVE-2023-32274
Enphase Installer Toolkit version 3.27.0 has hard-coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...
CVE-2023-32274 Enphase Installer Toolkit Android App Use of Hard-coded Credentials
Enphase Installer Toolkit version 3.27.0 has hard-coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...
CVE-2023-32274
CVE-2023-32274 affects Enphase Installer Toolkit for Android, version 3.27.0, due to hard-coded credentials embedded in the binary. This is described as a trust/credential management issue that could allow an attacker to gain access to sensitive information. The ICS advisory ICSA-23-171-02 confir...
Enphase Energy Installer Toolkit Trust Management Issue Vulnerability
Enphase Energy Installer Toolkit is an installer toolkit from Enphase Energy, USA. Enphase Energy Installer Toolkit version 3.27.0 suffers from a trust management issue vulnerability that stems from hard-coded credentials embedded in the binary code of an Android application. An attacker could...
Eaton Power Xpert Meter Use of Hard-coded Credentials (CVE-2018-16158)
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins to uid 0 via the PubkeyAuthentication...
PT-2023-23694 · Enphase · Enphase Installer Toolkit
Name of the Vulnerable Software and Affected Versions: Enphase Installer Toolkit version 3.27.0 Description: The issue concerns hard-coded credentials embedded in the binary code of the Android application. An attacker can exploit this to gain access to sensitive information. Recommendations: For...
CVE-2023-3237
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
CVE-2023-3237 OTCMS hard-coded password
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
CVE-2023-3237
Summary (CVE-2023-3237): OTCMS versions up to 6.62 are affected by a vulnerability where credential handling allows a hard-coded password when the input is the admin username/password. This stems from vulnerable code paths that can be triggered during authentication and has been publicly disclose...
PT-2023-23754 · Otcms · Otcms
Name of the Vulnerable Software and Affected Versions: OTCMS versions up to 6.62 Description: A critical issue was discovered, affecting unknown code. The manipulation of the username and password arguments with the input admin leads to the use of a hard-coded password. Recommendations: For OTCMS...
OTCMS Trust Management Issue Vulnerability
OTCMS Nettie CMS is a content management system (CMS) for article-based websites. A security vulnerability exists in OTCMS versions prior to 6.62 that stems from the use of hard-coded passwords...
CVE-2023-2637
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...