Adobe ColdFusion trust management issue vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has a trust management issue vulnerability that...

Adobe ColdFusion Admin Component Use of Hard-coded Credentials Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Admin Component service. The service uses a hard-coded password for the administrato...

Multiple vulnerabilities in SVMPC1 and SVMPC2

Overview SVMPC1 and SVMPC2 provided by Daikin Holdings Singapore Pte Ltd. contain multiple vulnerabilities listed below. Use of hard-coded password CWE-259 - CVE-2022-41653 Improper access control CWE-284 - CVE-2022-38355 Impact Exploiting these vulnerabilities may allow an attacker on the same L...

Adobe ColdFusion 信任管理问题漏洞

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has a trust management issue vulnerability that...

Buffalo Trust Management Issue Vulnerability

Buffalo firmware is a network device from Buffalo, a Japanese company. Buffalo Wi-Fi devices are vulnerable to a trust management issue that stems from the use of hard-coded credentials, which can be exploited by an attacker on a neighboring network to modify the device's configuration...

Zyxel CloudCNM SecuManager /opt/axess/etc/default/axess hard-coded vulnerability

Zyxel ZyXEL CloudCNM SecuManager is a network management software from Zyxel, Taiwan, China. requests to gain unauthorized access to the system...

Authentication Bypass

github.com/flyteorg/flyteadmin is vulnerable to authentication bypass. The vulnerability exists in config.go due to the use of hard-coded credentials without changing the default client id hashes, which allows an attacker to access for flyte propeller after turning on authentication via a...

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by Buffalo Inc. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-39044 Use of Hard-coded Credentials CWE-798 - CVE-2022-34840 Authentication Bypass CWE-288 - CVE-2022-4096 Chuya Hayakawa of 00One, Inc. reported these...

BD Totalys MultiProcessor 信任管理问题漏洞

The BD Totalys MultiProcessor is a medical device from Bidi Medical BD, USA. combines full automation of the cell enrichment process for cervical samples, a strict chain of custody, and customizable small samples for ancillary testing. The BD Totalys MultiProcessor suffers from a trust management...

BD Totalys MultiProcessor

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company BD Equipment: Totalys MultiProcessor Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or...

Buffalo network devices 信任管理问题漏洞

Buffalo firmware is a network device from Buffalo, a Japanese company. Buffalo Wi-Fi devices are vulnerable to a trust management issue that stems from the use of hard-coded credentials, which can be exploited by an attacker on a neighboring network to modify the device's configuration...

Zyxel CloudCNM SecuManager 安全漏洞

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...

Zyxel CloudCNM SecuManager 信任管理问题漏洞

Zyxel CloudCNM SecuManager is a set of network management software from China Hopkins Zyxel. The software supports centralized control, device management and intelligent monitoring. A trust management issue vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which stems fr...

Zyxel CloudCNM SecuManager 安全漏洞

Zyxel CloudCNM SecuManager is a set of network management software from Taiwan, China-based Zyxel. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in Zyxel CloudCNM SecuManager version 3.1.0 and 3.1.1, which originates from ...

CVE-2022-28812

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device...

CVE-2022-22522

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device...

CVE-2022-22522

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device...

CVE-2022-28812

CVE-2022-28812 involves Carlo Gavazzi UWP3.0 (multiple versions) and CPY Car Park Server 2.8.3, where a remote, unauthenticated attacker can exploit hard-coded credentials to obtain SuperUser access. The CVE is supported by multiple sources in the connected set (Red Hat, NVD/NVD-derived entries, ...

CVE-2022-28812 Use of Hard-coded Credentials in UWP3.0 allows SuperUser authentication bypass in Car Park Server.

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device...

CVE-2022-22522 Hard-coded credentials in Carlo Gavazzi UWP3.0 allows for authentication bypass and full control of the device

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device...