8076 matches found

Tenable Nessus
added 2022/07/21 12:00 a.m. · 111 views

Atlassian Confluence < 7.4.17 / 7.13.x < 7.13.6 / < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2 (CONFSERVER-79483)

The version of Atlassian Confluence installed on the remote host is prior to 7.4.17 / 7.13.x < 7.13.6 / 7.14.x < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2. It is potentially affected by a hard-coded credential vulnerability if the 'Questions for Confluence' app is installed. The Atlassia...

CVSS 9.8 · AI score 8.7 · EPSS 0.9817
Exploits: 1 · References: 2

Cvelist
added 2022/07/20 3:24 p.m. · 32 views

CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...

CVSS 9.8 · AI score 9.8 · EPSS 0.01172
Exploits: 0 · References: 1

Vulnrichment
added 2022/07/20 3:24 p.m. · 5 views

CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...

CVSS 9.8 · AI score 7.2 · EPSS 0.01172
Exploits: 0 · References: 1

CVE
added 2022/07/20 3:24 p.m. · 2415 views

CVE-2022-2107

CVE-2022-2107: MiCODUS MV720 GPS tracker API server uses a hard-coded master password, enabling unauthenticated login and direct SMS-command control of trackers (impersonating owners, accessing/modifying data, and potentially steering vehicles). Device IDs are sequential, aiding targeting. Public...

CVSS 9.8 · AI score 9.7 · EPSS 0.01172
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/07/20 12:00 a.m. · 8 views

Atlassian Confluence Server Trust Management Issue Vulnerability

Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise wikis. A security vulnerability exists in Atlassian Confluence Server and Data Center that stems from the...

CVSS 9.8 · AI score 8.5 · EPSS 0.9817
Exploits: 1 · References: 4

CNNVD
added 2022/07/20 12:00 a.m. · 3 views

WAVLINK WN530HG4 Trust Management Issue Vulnerability

The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WN530HG4 M30HG4.V5030.191116 version, which originates from a hard-coded encryption/decryption key contained in the configuration file of xportAllSettings.sh. No details of the...

CVSS 9.8 · AI score 5.5 · EPSS 0.02415
Exploits: 1 · References: 2

Positive Technologies
added 2022/07/20 12:00 a.m. · 5 views

PT-2022-14860 · Micodus · Micodus Mv720

Name of the Vulnerable Software and Affected Versions: MiCODUS MV720 GPS tracker (affected versions not specified)
Description: The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS...

CVSS 9.8 · AI score 9.6 · EPSS 0.01172
Exploits: 0 · References: 5

CNNVD
added 2022/07/20 12:00 a.m. · 3 views

Goldshell ASIC Miners Trust Management Issue Vulnerability

Goldshell ASIC Miners is a mining host from Goldshell China. A security vulnerability exists in Goldshell ASIC Miners version v2.1.x, which stems from included hard-coded credentials that allow an attacker to connect remotely via SSH protocol port 22...

CVSS 9.8 · AI score 8.3 · EPSS 0.00934
Exploits: 1 · References: 3

ATTACKERKB
added 2022/07/19 2:15 p.m. · 3 views

CVE-2022-29060

A use of hard-coded cryptographic key vulnerability CWE-321 in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device...

CVSS 8.1 · AI score 7.1 · EPSS 0.00576
Exploits: 0 · References: 2

OSV
added 2022/07/19 2:15 p.m. · 4 views

CVE-2022-29060

A use of hard-coded cryptographic key vulnerability CWE-321 in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device...

CVSS 8.1 · AI score 5.8 · EPSS 0.00576
Exploits: 0 · References: 1

CNNVD
added 2022/07/19 12:00 a.m. · 4 views

MiCODUS MV720 GPS Trust Management Issue Vulnerability

The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. The MiCODUS MV720 GPS tracker suffers from a trust management issue vulnerability that stems from the API server having an authentication mechanism that allows the device to use a hard-coded master password. This could allow an attacker to...

CVSS 9.8 · AI score 8.6 · EPSS 0.01172
Exploits: 0 · References: 4

ICS
added 2022/07/19 12:00 a.m. · 84 views

MiCODUS MV720 GPS tracker

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: MiCODUS
Equipment: MV720 GPS tracker
Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, Authorization Bypass Through User-controlled Key
2. UPDATE OR REPOSTED...

CVSS 9.8 · AI score 8.3 · EPSS 0.01172
Exploits: 0 · References: 5

OSV
added 2022/07/17 9:15 p.m. · 3 views

CVE-2022-30622

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...

CVSS 7.3 · AI score 5.8 · EPSS 0.00173
Exploits: 0 · References: 1

NVD
added 2022/07/17 9:15 p.m. · 9 views

CVE-2022-30622

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...

CVSS 7.3 · EPSS 0.00173
Exploits: 0 · References: 1

Prion
added 2022/07/17 9:15 p.m. · 14 views

Default credentials

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...

CVSS 4.1 · AI score 7.1 · EPSS 0.00173
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/07/17 8:11 p.m. · 16 views

CVE-2022-30622 Chcnav - P5E GNSS Information disclosure

Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...

CVSS 5.3 · AI score 7.4 · EPSS 0.00173
Exploits: 0 · References: 1

CVE
added 2022/07/17 8:11 p.m. · 496 views

CVE-2022-30622

CVE-2022-30622 relates to Chcnav P5E GNSS and involves disclosure of usernames and passwords without permissions via the API path http://api/sys_username_passwd.cmd and hard-coded credentials in Login.js (Username: chcadmin, Password: chcpassword). This could enable local system access and super-...

CVSS 7.3 · AI score 6.1 · EPSS 0.00173
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2022/07/15 12:00 a.m. · 18 views

TOTOLINK A720R has a hard-coded vulnerability

The TOTOLINK A720R is a wireless router. A hard-coded vulnerability exists in TOTOLINK A720R, which can be exploited by attackers to obtain sensitive information...

AI score 6.8
Exploits: 0

OSV
added 2022/07/14 9:15 p.m. · 3 views

CVE-2022-32389

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates...

CVSS 7.5 · AI score 5.8 · EPSS 0.00468
Exploits: 0 · References: 3

ATTACKERKB
added 2022/07/14 9:15 p.m. · 1 view

CVE-2022-32389

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates...

CVSS 7.5 · AI score 5.8 · EPSS 0.00468
Exploits: 0 · References: 4