21 matches found
EUVD-2023-28218
Malicious code in bioql PyPI...
EUVD-2022-37891
Malicious code in bioql PyPI...
Ivanti Workspace Control Security Vulnerability
Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...
CVE-2023-24149
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...
CVE-2023-24155
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini...
Design/Logic Flaw
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini...
Design/Logic Flaw
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...
CVE-2023-24147
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini...
CVE-2023-24155
CVE-2023-24155 affects TOTOLINK T8 (V4.1.5cu). The issue is a hard-coded password for the Telnet service stored in the component /web_cste/cgi-bin/product.ini. The impact is described as high/critical with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (network access, no user interaction, unauth...
CVE-2023-24149
CVE-2023-24149 affects TOTOLINK CA300-PoE, firmware version V6.2c.884, where a hard-coded root password is stored in /etc/shadow. The exposed credential leads to total impact on confidentiality, integrity, and availability (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction; privileges re...
Dell EMC SCG Policy Manager Trust Management Issue Vulnerability
Dell EMC SCG Policy Manager is a secure connectivity gateway policy manager from Dell, U.S. A security vulnerability exists in Dell EMC SCG Policy Manager that could be exploited by remote attackers to submit a special request to hard-code a login to the system to gain administrator privileges...
CVE-2022-34993
Totolink A3600RFirmware V4.1.2cu.5182B20201102 contains a hard code password for root in /etc/shadow.sample...
CVE-2022-23402
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...
CVE-2022-23402
CVE-2022-23402 affects Yokogawa CENTUM VP (R5.01.00–R5.04.20; R6.01.00–R6.08.00) and Exaopc (R3.72.00–R3.79.00) where CAMS server applications hard-code a password. This can enable unauthorized access to files/shared memory, potentially disrupting alarms or compromising server functions. Mitigati...
Taiwan Secom Personnel Attendance Management Trust Management Issue Vulnerability
Taiwan Secom Personnel Attendance Management is an attendance management system from Taiwan Secom, China. It has a trust management vulnerability that originates from the system using hard-coded default admin credentials; remote attackers can use the vulnerability to access the system...
CVE-2021-35965 Learningdigital.com, Inc. Orca HCM - Hard-code password
The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in...
CVE-2021-35961
CVE-2021-35961 concerns the Dr. ID Door Access Control and Personnel Attendance Management system, where the root cause is hard-coded admin default credentials. This enables remote attackers to access the system through the default password and obtain the highest privileges. Multiple connected ...
CVE-2020-12035
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...