8175 matches found
CVE-2022-22512
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...
ProPump and Controls Osprey Pump Controller (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ProPump and Controls, Inc. Equipment: Osprey Pump Controller Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use...
CVE-2022-22512 VARTA: Multiple devices prone to hard-coded credentials
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...
CVE-2022-22512
CVE-2022-22512 describes hard-coded credentials in the Web-UI of multiple VARTA Storage products, enabling an unauthenticated remote attacker to gain administrative access via the network. The issue is tied to the Web-UI authentication mechanism (no details on affected versions provided in the in...
VARTA Storage Trust Management Issue Vulnerability
VARTA Storage is VARTA's AC all-in-one system with an integrated battery inverter, ideal for retrofits or new installations. VARTA Storage suffers from a trust management issue vulnerability that stems from hard-coded credentials that allow an unauthorized attacker to gain administrative access t...
PT-2023-12705 · Varta · Varta Storage
Name of the Vulnerable Software and Affected Versions: VARTA Storage products affected versions not specified Description: The issue concerns hard-coded credentials in the Web-UI of multiple VARTA Storage products, allowing an unauthorized attacker to gain administrative access to the Web-UI via...
Annotation tool: token forgery using jwt secret to claim super admin role
Although the annotator tool's source code is not directly provided in the repository, a Docker image is provided. From there it is easy to get access to the source code by either extracting the Docker tar image, which can be exported from Docker itself, or connecting to the container with an...
CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures
While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...
Authentication Bypass
alextselegidis/easyappointments is vulnerable to Authentication Bypass. The vulnerability exists due to the use of hard-coded credentials which allows an attacker to use the default password and bypass the login...
CVE-2023-26511
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system...
Propius MachineSelector Trust Management Issue Vulnerability
Propius MachineSelector is Propius' Web server-client based remote maintenance tool for local setups on-premise or cloud-based in which companies can create, manage and control secure access to their machines. A security vulnerability exists in Propius MachineSelector versions 6.6.0 and 6.6.1,...
CVE-2023-0353
Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...
CVE-2023-27583 Panindex uses hard coded cryptographic key
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...
CVE-2023-0353
The connected documentation confirms CVE-2023-0353 affects Akuvox E11. The vulnerability arises from storing passwords with a weak encryption algorithm and decrypting them via a hard-coded key, enabling potential decryption of encrypted passwords from the device configuration. Impact is rated hig...