AgileConfig Trust Management Issue Vulnerability
AgileConfig is a lightweight configuration center for .NET Core-based development from the China .NET Core Community. A trust management issue vulnerability exists in AgileConfig version 1.6.8, which stems from a hard-coded JWT Secret in the server that allows remote attackers to gain...
CVE-2022-1400
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
Hardcoded credentials
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1400
CVE-2022-1400 affects Device42 CMDB versions prior to 18.01.00 and is due to a hard-coded cryptographic key in Exago WebReportsApi.dll (WebReports API). This design flaw can allow an attacker to leak session IDs and elevate privileges within the appliance. The vulnerability is documented in NVD w...
CVE-2022-35734
'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, the API key for an external service may be obtained by analyzing data in the app...
PT-2022-22954 · Hulu · Hulu App For Android
Name of the Vulnerable Software and Affected Versions: Hulu App for Android versions 3.0.47 through 3.1.1. Description: The issue concerns the use of a hard-coded API key for an external service in the Hulu App for Android. This could potentially allow the API key to be obtained by analyzing the...
Device42 Trust Management Issue Vulnerability
Device42 provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A security vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from the use of a hard-coded encryption key in WebReportsApi.d...
VulnCheck KEV: CVE-2022-34151
A use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...
PT-2022-4179 · Device42 · Device42 Cmdb
Name of the Vulnerable Software and Affected Versions: Device42 CMDB versions prior to 18.01.00. Description: The issue is related to the use of a hard-coded cryptographic key in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance. This allows an attacker...
Critical Flaws Disclosed in Device42 IT Asset Management Software
Cybersecurity researchers have disclosed multiple severe security vulnerabilities in the asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain...
Siemens SICAM TOOLBOX II
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM TOOLBOX II Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability results in full access to the database. 3. TECHNICAL...
Emerson OpenBSI
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: OpenBSI Vulnerabilities: Use of Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key CISA is aware of a public report, “OT:ICEFALL,” that details...
CVE-2022-22144
A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...
Hardcoded credentials
A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...