8070 matches found

Positive Technologies
added 2021/08/23 12:0 a.m. · 5 views

PT-2021-22677 · D Link · D-Link Dvg-3104Ms

Name of the Vulnerable Software and Affected Versions: D-Link DVG-3104MS versions 1.0.2.0.3 through 1.0.2.0.4E

Description: The issue concerns hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Weak passwords have been used, allowing plaintext passwords to be recover...

9.8 CVSS · 7 AI score · 0.01714 EPSS
Exploits 1 · References 8

NVD
added 2021/08/18 10:15 p.m. · 15 views

CVE-2021-32588

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

10 CVSS · 0.03333 EPSS
Exploits 0 · References 1

Prion
added 2021/08/18 10:15 p.m. · 24 views

Hardcoded credentials

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

10 CVSS · 9.5 AI score · 0.03333 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2021/08/18 9:30 p.m. · 9 views

CVE-2021-32588

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

9.8 CVSS · 7.5 AI score · 0.03333 EPSS
Exploits 0 · References 1

Cvelist
added 2021/08/18 9:30 p.m. · 17 views

CVE-2021-32588

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application...

9.8 CVSS · 9.8 AI score · 0.03333 EPSS
Exploits 0 · References 1

CNVD
added 2021/08/17 12:0 a.m. · 14 views

Tecknodreams SapphireIMS OS Command Injection Vulnerability

Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. Tecknodreams SapphireIMS 5.0 suffers from an operating system command injection vulnerability that originates in SapphireIMS 5.0, where hardcoded credentials username: sapphire,...

9.8 CVSS · 9.9 AI score · 0.02129 EPSS
Exploits 1 · References 1

CNNVD
added 2021/08/11 12:0 a.m. · 3 views

Tecknodreams SapphireIMS Trust Management Issue Vulnerability

Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise-class service management system from Tecknodreams India. A trust management issue vulnerability exists in SapphireIMS 5.0, which stems from the fact that in SapphireIMS 5.0, it is possible to use hard-coded credentials in the client...

9.8 CVSS · 6.1 AI score · 0.02129 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2021/08/10 12:0 a.m. · 28 views

Johnsoncontrols Metasys Use of Hard-coded Credentials

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal SMP. File data ot500384.nasl...

9.1 CVSS · 2.5 AI score · 0.00632 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2021/08/10 12:0 a.m. · 17 views

Johnsoncontrols Metasys Use of Hard-coded Credentials

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal SMP. File data ot500401.nasl...

9.1 CVSS · 2.9 AI score · 0.0082 EPSS
Exploits 0 · References 3

CNVD
added 2021/08/04 12:0 a.m. · 16 views

Fortinet FortiPortal Trust Management Issue Vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal has a trust management issue vulnerability, which stems from the...

10 CVSS · 2.7 AI score · 0.03333 EPSS
Exploits 0 · References 1

CNNVD
added 2021/08/03 12:0 a.m. · 6 views

Fortinet FortiPortal Trust Management Issue Vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal has a trust management issue vulnerability, which stems from the...

10 CVSS · 6 AI score · 0.03333 EPSS
Exploits 0 · References 3

OpenVAS
added 2021/08/03 12:0 a.m. · 31 views

D-Link DIR-3040 < 1.13B03 Hotfix Multiple Vulnerabilities - Active Check

D-Link DIR-3040 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/o:dlink"; if...

10 CVSS · 6.1 AI score · 0.36486 EPSS
Exploits 8 · References 6

Fortinet
added 2021/08/03 12:0 a.m. · 45 views

FortiPortal - Authentication bypass and remote code execution as root

A use of hard-coded credentials CWE-798 vulnerability in FortiPortal may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password. ...

10 CVSS · 9.3 AI score · 0.03333 EPSS
Exploits 0 · Affected Software 1

ICS
added 2021/08/03 12:0 a.m. · 62 views

Swisslog Healthcare Translogic PTS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Swisslog Healthcare Equipment: Translogic PTS Pneumatic Tube Systems Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Improper Authentication, Download of Code without...

10 CVSS · 10 AI score · 0.08227 EPSS
Exploits 0 · References 5

NVD
added 2021/08/02 9:15 p.m. · 10 views

CVE-2021-27503

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5, The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...

5.8 CVSS · 0.00562 EPSS
Exploits 0 · References 1

OSV
added 2021/08/02 9:15 p.m. · 3 views

CVE-2021-27503

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5, The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...

4.8 CVSS · 5.8 AI score · 0.00562 EPSS
Exploits 0 · References 1

Cvelist
added 2021/08/02 8:42 p.m. · 14 views

CVE-2021-27503

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5, The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...

5.4 AI score · 0.00562 EPSS
Exploits 0 · References 1

Huntr
added 2021/08/02 5:13 p.m. · 20 views

in star7th/showdoc

✍️ Description The referenced code contains a hard-coded salt that is used for all passwords, ideally - a unique salt should be generated for each password and then would be stored alongside it as opposed to the constant one that is used for all passwords in the showdoc repository. 🕵️‍♂️ Proof of...

4 CVSS · 0.2 AI score · 0.0046 EPSS
Exploits 1

GithubExploit
added 2021/07/29 12:46 a.m. · 138 views

Exploit for Use of Hard-coded Credentials in Glpi-Project Glpi

This is the CVE-2020-5248 PoC environment setup and test. Test method - environment setup v...

7.2 CVSS · 5.8 AI score · 0.01426 EPSS
Exploits 2

OSV
added 2021/07/28 12:15 a.m. · 6 views

CVE-2020-5351

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only...

7.5 CVSS · 5.8 AI score · 0.01064 EPSS
Exploits 0 · References 1