
3819 matches found

Cvelist
added 2022/01/14 4:50 a.m. | 12 views

CVE-2022-22056 Le-yan Co., Ltd. dental management system - Hard-coded Credentials

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

CVSS 9.8 | AI score 9.7 | EPSS 0.02259
Exploits: 0 | References: 1

ATTACKERKB
added 2022/01/14 4:36 a.m. | 4 views

CVE-2022-22056

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

CVSS 10 | AI score 7.3 | EPSS 0.02259
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2022/01/12 12:0 a.m. | 3 views

Schneider Electric Easergy P5 trust management issue vulnerability

The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. The Schneider Electric Easergy P5 is vulnerable to a trust management issue, which exists due to the presence of hard-coded credentials in the application code. An...

CVSS 7.5 | AI score 5.6 | EPSS 0.02371
Exploits: 0 | References: 5

CNNVD
added 2022/01/12 12:0 a.m. | 2 views

Jimoty trust management issue vulnerability

Jimoty is a Web site of Jimoty Japan, Inc. It is used to provide help, information dissemination and other services to local people. Jimoty App for Android is vulnerable to a trust management issue, which exists due to hard-coded credentials in the application code. A local attacker could exploit...

CVSS 3.3 | AI score 5.1 | EPSS 0.00203
Exploits: 0 | References: 4

OSV
added 2022/01/11 12:15 p.m. | 4 views

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 1

Malwarebytes
added 2022/01/11 11:52 a.m. | 12 views

Night Sky: the new corporate ransomware demanding a sky high ransom

There's a new ransomware in town—isn't there always?—and it's, unsurprisingly, after corporation-sized businesses. It's called Night Sky, and it was first spotted and revealed by MalwareHunterTeam, a group on Twitter who hunts malware online, on the first day of 2022. First day of the year, and a new...

AI score 6.8
Exploits: 0

Cvelist
added 2022/01/11 11:27 a.m. | 15 views

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

AI score 8.6 | EPSS 0.00906
Exploits: 0 | References: 1

CNNVD
added 2022/01/11 12:0 a.m. | 2 views

Siemens SICAM A8000 CP-8000 trust management issue vulnerability

The SICAM A8000 is used for automation applications in all areas of remote control and energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000, which can be exploited by an attacker to enable the debug port using default credentials...

CVSS 8.8 | AI score 5.7 | EPSS 0.00906
Exploits: 0 | References: 4

ICS
added 2022/01/11 12:0 a.m. | 52 views

Siemens SICAM A8000

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user...

CVSS 8.8 | AI score 8.5 | EPSS 0.02307
Exploits: 2 | References: 11

OSV
added 2022/01/08 12:43 a.m. | 25 views

GHSA-9FJ5-JG6F-QG5R Use of Hard-coded Credentials in Apache Kylin

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5 | AI score 7.5 | EPSS 0.0208
Exploits: 0 | References: 7

Github Security Blog
added 2022/01/08 12:43 a.m. | 43 views

Use of Hard-coded Credentials in Apache Kylin

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5 | AI score 2.8 | EPSS 0.0208
Exploits: 0 | References: 7 | Affected Software: 1

CNVD
added 2022/01/04 12:0 a.m. | 15 views

D-Link DIR-2640 trust management issue vulnerability

D-Link DIR-2640 is a high-powered Wi-Fi router from D-Link, a Taiwan-based company. D-Link DIR-2640 Quagga 1.11B02 and previous versions are vulnerable to a trust management issue, which stems from the use of default hard-coded credentials for the service, and can be exploited by remote attackers...

CVSS 8.8 | AI score 5.9 | EPSS 0.04289
Exploits: 1 | References: 1

CNVD
added 2022/01/03 12:0 a.m. | 15 views

Netgear RAX43 has an unspecified vulnerability (CNVD-2022-02648)

Netgear RAX43 is a wireless router from Netgear USA. A security vulnerability exists in Netgear RAX43, which stems from the use of hard-coded credentials. Because the configuration backup is encrypted, it appears that an ordinary user is not intended to be able to manipulate the configuration...

CVSS 8.8 | AI score 2 | EPSS 0.005
Exploits: 0 | References: 1

OSV
added 2021/12/30 10:15 p.m. | 3 views

CVE-2021-20132

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both are running with root privileges on the router, i.e., as the "admin" user, UID 0...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2021/12/30 9:30 p.m. | 57 views

CVE-2021-20132

CVE-2021-20132 affects D-Link DIR-2640 with Quagga services (zebra and ripd) running on versions up to 1.11B02. The root cause is default hard-coded credentials, allowing a remote attacker to gain administrative access (root privileges, UID 0) to these services. Several connected records (e.g., R...

CVSS 8.8 | AI score 8.8 | EPSS 0.04289
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2021/12/30 12:0 a.m. | 3 views

Netgear RAX43 trust management issue vulnerability

Netgear RAX43 is a wireless router from Netgear USA. A security vulnerability exists in Netgear RAX43, which stems from the use of hard-coded credentials. Because the configuration backup is encrypted, it appears that an ordinary user is not intended to be able to manipulate the configuration...

CVSS 8.8 | AI score 5.5 | EPSS 0.005
Exploits: 0 | References: 3

CNNVD
added 2021/12/30 12:0 a.m. | 3 views

D-Link DIR-2640 trust management issue vulnerability

D-Link DIR-2640 is a high-powered Wi-Fi router from D-Link, a Taiwan-based company. D-Link DIR-2640 Quagga 1.11B02 and previous versions are vulnerable to a trust management issue, which stems from the use of default hard-coded credentials for the service, and can be exploited by remote attackers...

CVSS 8.8 | AI score 5.7 | EPSS 0.04289
Exploits: 1 | References: 2

NVD
added 2021/12/27 7:15 p.m. | 11 views

CVE-2021-32993

IntelliBridge EC 40 and 60 Hub C.00.04 and prior contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVSS 8.8 | EPSS 0.00272
Exploits: 0 | References: 1

NVD
added 2021/12/27 7:15 p.m. | 20 views

CVE-2021-35232

Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

CVSS 6.8 | EPSS 0.003
Exploits: 0 | References: 2

OSV
added 2021/12/27 7:15 p.m. | 3 views

CVE-2021-35232

Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

CVSS 6.1 | AI score 6.6 | EPSS 0.003
Exploits: 0 | References: 2