8175 matches found

CVE
added 2023/04/28 12:0 a.m. · 39 views

CVE-2022-41398

CVE-2022-41398 affects Sage 300 (through 2022) where the optional Global Search feature configures Apache Solr with hard-coded admin credentials. This enables login to the Solr dashboard with admin privileges and potential exposure of sensitive data. The Red Hat/Red flags and other records corrob...

CVSS 7.5 · AI score 7.5 · EPSS 0.00265
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/04/27 6:15 p.m. · 1 views

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVSS 9.8 · AI score 7.3 · EPSS 0.00408
Exploits 0 · References 1

NVD
added 2023/04/27 6:15 p.m. · 16 views

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVSS 9.8 · AI score 9.6 · EPSS 0.00408
Exploits 0 · References 1

Vulnrichment
added 2023/04/27 5:4 p.m. · 4 views

CVE-2023-2158 Impersonation through User-Controlled Token

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

AI score 9.6 · EPSS 0.00408
Exploits 0 · References 1

CNNVD
added 2023/04/27 12:0 a.m. · 2 views

Synopsys Code Dx Trust Management Issue Vulnerability

Synopsys Code Dx is a vulnerability management system from Synopsys. It combines and correlates results generated by various static and dynamic testing tools. A security vulnerability exists in Synopsys Code Dx versions prior to 2023.4.2 that stems from the use of hard-coded passwords when...

CVSS 9.8 · AI score 8.3 · EPSS 0.00408
Exploits 0 · References 2

Positive Technologies
added 2023/04/27 12:0 a.m. · 2 views

PT-2023-18284 · Code Dx · Code Dx

Name of the Vulnerable Software and Affected Versions: Code Dx versions prior to 2023.4.2
Description: The issue allows a malicious actor to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher when generating the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00408
Exploits 0 · References 4

Prion
added 2023/04/25 9:15 p.m. · 10 views

Hardcoded credentials

Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...

CVSS 4.4 · AI score 7.5 · EPSS 0.001
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/04/25 8:40 p.m. · 17 views

CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing

Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...

CVSS 7.5 · AI score 8 · EPSS 0.001
Exploits 0 · References 4

Positive Technologies
added 2023/04/25 12:0 a.m. · 3 views

PT-2023-5861 · Git · Git For Windows

Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.40.1
Description: The issue is related to the executable file connect.exe in Git for Windows, which implements a SOCKS5 proxy. This vulnerability is associated with an uncontrolled search path element...

CVSS 7.8 · AI score 7.8 · EPSS 0.00111
Exploits 0 · References 9

CNNVD
added 2023/04/25 12:0 a.m. · 1 views

Git for Windows Format String Error Vulnerability

Git for Windows is the Windows port of Git. A format string error vulnerability exists in Git for Windows version 2.40.0 and prior versions, which stems from the use of hard-coded paths to find localized messages...

CVSS 3.3 · AI score 6.9 · EPSS 0.00099
Exploits 0 · References 22

Veracode
added 2023/04/20 4:16 a.m. · 14 views

Token Disclosure

@nuxtlabs/github-module is vulnerable to Token Disclosure. The vulnerability exists in the module.ts because it uses hard-coded credentials in the config file, which allows an attacker to gain sensitive information through the token in the public runtime config...

CVSS 9.8 · AI score 8.8 · EPSS 0.00361
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2023/04/20 12:0 a.m. · 32 views

Siemens SICAM A8000 Use of Hard-Coded Credentials (CVE-2021-45033)

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses hard-cod...

CVSS 8.8 · AI score 7.8 · EPSS 0.00283
Exploits 0 · References 3

Github Security Blog
added 2023/04/18 3:30 a.m. · 14 views

@nuxtlabs/github-module made Use of Hard-coded Credentials

https://nuxt.com had a hardcoded GitHub token in the source code of the page. This token had access to multiple repositories under nuxt, nuxtlabs and nuxt-themes GitHub organizations. A patch in version 1.6.2 fixed the issue...

CVSS 10 · AI score 6.3 · EPSS 0.00361
Exploits 0 · References 5 · Affected Software 1

Prion
added 2023/04/18 1:15 a.m. · 10 views

Hardcoded credentials

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2...

CVSS 7.5 · AI score 9.6 · EPSS 0.00361
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/04/18 12:0 a.m. · 40 views

CVE-2023-2138

CVE-2023-2138 affects nuxtlabs/github-module prior to version 1.6.2. The root cause is a hard-coded GitHub token embedded in the module’s source, which granted access to multiple Nuxt-related GitHub repositories. The issue is described consistently across multiple sources (including Red Hat, GitH...

CVSS 10 · AI score 9.6 · EPSS 0.00361
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/04/18 12:0 a.m. · 5 views

CVE-2023-2138 Use of Hard-coded Credentials in nuxtlabs/github-module

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2...

CVSS 10 · AI score 6.8 · EPSS 0.00361
Exploits 0 · References 2

CNNVD
added 2023/04/18 12:0 a.m. · 2 views

github-module Trust Management Issue Vulnerability

github-module is a GitHub integration for Nuxt. A trust management issue vulnerability exists in nuxtlabs github-module versions prior to 1.6.2, which stems from the use of hard-coded credentials...

CVSS 10 · AI score 8.4 · EPSS 0.00361
Exploits 0 · References 3

OSV
added 2023/04/18 12:0 a.m. · 14 views

CVE-2023-2138 Use of Hard-coded Credentials in nuxtlabs/github-module

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2...

CVSS 10 · AI score 9.3 · EPSS 0.00361
Exploits 0 · References 4

Positive Technologies
added 2023/04/18 12:0 a.m. · 4 views

PT-2023-18155 · Nuxtlabs · Nuxtlabs/Github-Module

Name of the Vulnerable Software and Affected Versions: nuxtlabs/github-module versions prior to 1.6.2
Description: The issue involves the use of hard-coded credentials in the GitHub repository nuxtlabs/github-module. A hardcoded GitHub token was found in the source code, which had access to...

CVSS 10 · AI score 9.5 · EPSS 0.00361
Exploits 0 · References 9

Cvelist
added 2023/04/18 12:0 a.m. · 22 views

CVE-2023-2138 Use of Hard-coded Credentials in nuxtlabs/github-module

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2...

CVSS 10 · AI score 9.8 · EPSS 0.00361
Exploits 0 · References 2