NETGEAR XR1000 Trust Management Issue Vulnerability

The NETGEAR xr1000 is a router from Netgear, Inc. A hardware device that connects two or more networks and acts as a gateway between networks, the NETGEAR XR1000 device suffers from a security vulnerability that stems from the fact that NETGEAR XR1000 devices prior to 1.0.0.58 are subject to...

Schneider Electric Easergy P5 Trust Management Issue Vulnerability

The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. The Schneider Electric Easergy P5 is vulnerable to a trust management issue, which exists due to the presence of hard-coded credentials in the application code. An...

CVE-2022-22056

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

CVE-2022-22056

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

CVE-2022-22056

Affected product: Le-Yan Dental Management System (Le-Yan, China). Vulnerability type: hard-coded credentials in the web page source, leading to an unauthenticated remote attacker gaining administrator privileges and potentially taking control or disrupting services. Root cause: credential hard-c...

CVE-2022-22056 Le-yan Co., Ltd. dental management system - Hard-coded Credentials

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

CVE-2022-22056

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

Fortinet FortiOS Hard-Coded Cryptographic Key (FG-IR-21-051)

The remote host is running a version of FortiOS prior to 5.6.13, 6.0.x prior or equal to 6.0.12, 6.2.x prior or equal to 6.2.8, or 6.4.x prior or equal to 6.4.5, FortiOS-6K7K version prior to 6.2.6 and 6.4.2. It is, therefore, affected by a hard-coded cryptographic key vulnerability in FortiOS...

TIBCO FTL Trust Management Issue Vulnerability

Tibco Ftl is an application-to-application messaging system from Tibco USA, Inc. Designed for low latency and high performance, TIBCO FTL suffers from a trust management issue vulnerability that stems from hard-coded secrets used in the default domain server, which can be exploited by attackers t...

Jimoty App for Android uses a hard-coded API key for an external service

Overview Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact API key for...

Jimoty 信任管理问题漏洞

Jimoty is a Web site of Jimoty Japan, Inc. It is used to provide help, information dissemination and other services to local people. Jimoty App for Android is vulnerable to a trust management issue, which exists due to hard-coded credentials in the application code. A local attacker could exploit...

Schneider Electric Easergy P5 信任管理问题漏洞

The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. The Schneider Electric Easergy P5 is vulnerable to a trust management issue, which exists due to the presence of hard-coded credentials in the application code. An...

Jenkins Warnings Next Generation 路径遍历漏洞

Jenkins Warnings Next Generation is Jenkins an open source application plugin . The plugin is used to collect compiler warnings or static analysis tools to report problems and visualize the results . A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...

CVE-2021-43052

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

Authentication flaw

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

CVE-2021-43052 TIBCO FTL Secret Generation Vulnerability

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

Night Sky: the new corporate ransomware demanding a sky high ransom

Theres a new ransomware in town—isnt there always?—and its, unsurprisingly, after corporation-sized businesses. Its called Night Sky, and it was first spotted and revealed by MalwareHunterTeam, a group on Twitter who hunts malware online, on the first day of 2022. First day of the year, and a new...

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

Siemens SICAM A8000 CP-8000 信任管理问题漏洞

The SICAM A8000 is used for automation applications in all areas of remote control and energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000, which can be exploited by an attacker to enable the debug port using default credentials...