8070 matches found
Jenkins Warnings Next Generation Path Traversal Vulnerability
Jenkins Warnings Next Generation is an open source plugin for Jenkins. The plugin collects compiler warnings or problems reported by static analysis tools and visualizes the results. A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...
Schneider Electric Easergy P5 Trust Management Issue Vulnerability
The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. The Schneider Electric Easergy P5 is vulnerable to a trust management issue, which exists due to the presence of hard-coded credentials in the application code. An...
CVE-2021-43052
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...
Authentication flaw
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...
CVE-2021-43052 TIBCO FTL Secret Generation Vulnerability
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...
CVE-2021-45033
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...
Night Sky: the new corporate ransomware demanding a sky high ransom
There's a new ransomware in town—isn't there always?—and it's, unsurprisingly, after corporation-sized businesses. It's called Night Sky, and it was first spotted and revealed by MalwareHunterTeam, a group on Twitter who hunts malware online, on the first day of 2022. First day of the year, and a new...
CVE-2021-45033
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...
Siemens SICAM A8000 CP-8000 Trust Management Issue Vulnerability
The SICAM A8000 is used for automation applications in all areas of remote control and energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000, which can be exploited by an attacker to enable the debug port using default credentials...
TIBCO Software FTL Trust Management Issue Vulnerability
TIBCO FTL is an application-to-application messaging system from Tibco USA, Inc., designed for low latency and high performance. TIBCO FTL suffers from a trust management issue vulnerability that stems from hard-coded secrets used in the default domain server, which can be exploited by attackers t...
Siemens SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user...
Use of Hard-coded Credentials in Apache Kylin
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
GHSA-9FJ5-JG6F-QG5R Use of Hard-coded Credentials in Apache Kylin
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
ControlUp Real-Time Agent Trust Management Issue Vulnerability
ControlUp Real-Time Agent is a real-time agent from ControlUp, Inc. A security vulnerability exists in ControlUp Real-Time Agent that stems from a hard-coded key in ControlUp Real-Time Agent versions prior to 8.2.5 that allows potential attackers to exploit the vulnerability to run operating syst...
D-Link DIR-2640 trust management issue vulnerability
D-Link DIR-2640 is a high-powered Wi-Fi router from D-Link, a Taiwan-based company. D-Link DIR-2640 Quagga 1.11B02 and previous versions are vulnerable to a trust management issue, which stems from the use of default hard-coded credentials for the service, and can be exploited by remote attackers...
Netgear RAX43 has an unspecified vulnerability (CNVD-2022-02648)
Netgear RAX43 is a wireless router from Netgear USA. A security vulnerability exists in Netgear RAX43, which stems from the use of hard-coded credentials. Because the configuration backup is encrypted, it appears that an ordinary user is not intended to be able to manipulate the configuration...
Trendnet AC2600 TEW-827DRU Trust Management Issue Vulnerability
The Trendnet AC2600 TEW-827DRU is a wireless router that has a security vulnerability that could be exploited by attackers to back up and restore device configurations through the management web interface. The devices are encrypted using the hard-coded password "12345678"...
CVE-2021-20132
Quagga services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd services. Both are running with root privileges on the router, i.e., as the "admin" user, UID 0...
CVE-2021-20132
CVE-2021-20132 affects D-Link DIR-2640 with Quagga services (zebra and ripd) running on versions up to 1.11B02. The root cause is default hard-coded credentials, allowing a remote attacker to gain administrative access (root privileges, UID 0) to these services. Several connected records (e.g., R...
Trendnet AC2600 Trust Management Issue Vulnerability
The Trendnet AC2600 TEW-827DRU is a wireless router that has a security vulnerability that could be exploited by attackers to back up and restore device configurations through the management web interface. The devices are encrypted using the hard-coded password "12345678"...