8143 matches found
Home Owners Collection Management System Trust Management Issue Vulnerability
Home Owners Collection Management System v1.0 is vulnerable to a trust management issue. Version 1.0 was found to contain hard-coded credentials, which could be exploited by an attacker to escalate...
Elections GoRansom – a smoke screen for the HermeticWiper attack
Executive summary On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time the HermeticWiper was found, and based on publicly available information from security...
WordPress WordPress Dev Powers – ACF Color Coded Field Types Plugin plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Dev Powers – ACF Color Coded Field Types Plugin plugin versions <= 1.0.1. Solution: No patched version available...
WordPress WordPress Dev Powers – ACF Color Coded Field Types Plugin plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Dev Powers – ACF Color Coded Field Types Plugin plugin versions <= 1.0.1. Solution: No patched version available...
Exploit for Use of Hard-coded Credentials in Qxip Homer_Webapp
CVE-2022-22845-Exploit Exploit for CVE...
Schneider Electric Easergy P5 and P3
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Easergy P5 and P3 --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Use of Hard-Coded Credentials, Classic Buffer Overflow, and Improper Input Validation --------- End Update A...
Celartem Extensis Portfolio Trust Management Issue Vulnerability
Celartem Extensis Portfolio is a digital asset management solution from Celartem Japan. A trust management issue vulnerability exists in Celartem Extensis Portfolio versions 3.0.0 through 3.6.3, which stems from the presence of hard-coded credentials in the main portal and administrator portal. A...
Trend Micro ServerProtect Trust Management Issue Vulnerability
Trend Micro ServerProtect is an enterprise-grade anti-virus program from Trend Micro, Inc. It is designed to protect Internet-connected storage systems and block threats at their source. Trend Micro ServerProtect suffers from a trust management issue vulnerability that originates from the presenc...
CVE-2021-27797
Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system...
CVE-2021-27797
CVE-2021-27797 affects Brocade Fabric OS. Versions prior to 8.2.1c, 8.1.2h, and all 8.0.x/7.x releases contain documented hard-coded credentials, enabling access to the system. The root cause is hard-coded admin credentials; impact is high (partial/complete confidentiality, integrity, and availab...
Weak Cryptography
github.com/gravitl/netmaker is vulnerable to weak cryptography. The vulnerability exists in the SetJWTSecret function of wts.go due to a hard-coded secret key, which allows an attacker to create a valid authentication token for any user and use it with admin privileges...
ASUS CMAX6000 Information Disclosure Vulnerability
The ASUS Cmax6000 is a 4x4 dual-band Wifi cable modem router from Asus China. A security vulnerability exists in ASUS CMAX6000 v1.02.00, which can be exploited by an attacker to recover encrypted data via a hard-coded key...
GHSA-6RRW-4FM9-RGHV Use of Hard-coded Cryptographic Key in Netmaker
Netmaker prior to versions 0.8.5, 0.9.4, 0.10.0, and 0.10.1 uses a hard-coded cryptographic key...
CVE-2022-23650
Netmaker server component contains a hard-coded cryptographic key that, prior to v0.8.5, v0.9.4, and v0.10.0, could be exploited to run admin commands on a remote server if the attacker knows the admin’s address and username. The issue is limited to the Netmaker server and not clients. Patches ar...
CVE-2022-23650 Use of Hard-coded Cryptographic Key in Netmaker
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and...
CVE-2022-0664
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5, 0.9.4, 0.10.0, 0.10.1...
CVE-2022-0664 Use of Hard-coded Cryptographic Key in gravitl/netmaker
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5, 0.9.4, 0.10.0, 0.10.1...