8066 matches found

NVD
added 2020/10/06 1:15 p.m. | 20 views

CVE-2020-24215

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration with the cleartext admin password, and...

CVSS 9.8 | EPSS 0.18989
Exploits 3 | References 3
CVE
added 2020/10/06 1:10 p.m. | 43 views

CVE-2020-24218

CVE-2020-24218 affects URayTech IPTV/H.264/H.265 video encoders (up to version 1.97). The issue allows an unauthenticated remote attacker to log in as root using a hard-coded password embedded in the executable, effectively granting full control over the device. Documents indicate this involves d...

CVSS 9.8 | AI score 9.5 | EPSS 0.01935
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2020/10/06 1:10 p.m. | 15 views

CVE-2020-24218

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...

AI score 9.6 | EPSS 0.01935
Exploits 1 | References 2
Cvelist
added 2020/10/06 1:0 p.m. | 21 views

CVE-2020-24215

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration with the cleartext admin password, and...

AI score 9.8 | EPSS 0.18989
Exploits 3 | References 3
CVE
added 2020/10/06 1:0 p.m. | 84 views

CVE-2020-24215

CVE-2020-24215 affects HiSilicon-based IPTV/H.264/H.265 video encoders. The issue arises from hard-coded credentials in HTTP requests, enabling an attacker to perform any administrative task, retrieve device configurations (including the cleartext admin password), and upload firmware. This can le...

CVSS 9.8 | AI score 9.7 | EPSS 0.18989
Exploits 3 | References 3 | Affected Software 1
Cvelist
added 2020/10/06 12:51 p.m. | 18 views

CVE-2020-25987

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash...

AI score 7.5 | EPSS 0.01609
Exploits 3 | References 2
CVE
added 2020/10/06 12:51 p.m. | 80 views

CVE-2020-25987

CVE-2020-25987 affects MonoCMS Blog 1.0. The issue arises from hard-coded admin hashes stored in log.xml within the MonoCMS Blog source, with the hash type bcrypt and hashcat mode 3200 cited as crackable. This can enable credential exposure or misuse if an attacker can access the log.xml contents...

CVSS 7.5 | AI score 7.5 | EPSS 0.01609
Exploits 3 | References 2 | Affected Software 1
ICS
added 2020/10/06 12:0 a.m. | 138 views

Rockwell Automation ISaGRAF5 Runtime (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF5 Runtime Vulnerabilities: Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element,...

CVSS 9.8 | AI score 8.3 | EPSS 0.06062
Exploits 0 | References 5
OSV
added 2020/09/30 1:15 p.m. | 3 views

CVE-2019-17098

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior...

CVSS 6.5 | AI score 6.6 | EPSS 0.00484
Exploits 0 | References 1
NVD
added 2020/09/30 1:15 p.m. | 17 views

CVE-2019-17098

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior...

CVSS 6.5 | EPSS 0.00484
Exploits 0 | References 1
Cvelist
added 2020/09/30 1:5 p.m. | 29 views

CVE-2019-17098 Use of Hard-coded Cryptographic Key vulnerability in August Connect Wi-Fi Bridge App

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior...

CVSS 3.5 | AI score 6.6 | EPSS 0.00484
Exploits 0 | References 1
Gitee
added 2020/09/28 2:31 p.m. | 5 views

maobugs

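maobugs meow meow meow 1. samples-web-1.2.4.war is the WAR package for the shiro =1.2.4 hard-coded vulnerability. Honestly, this WAR is really hard to exploit... 2. jdwp-shellifier-master.zip: to debug it yourself, use java -Xdebug -Xrunjdwp:transport=dtsocket,server=y,suspend=n,address=5005 -jar spring-boot-h2-0.0.1-SNAPSHOT.jar to open the JDWP port. If the JDWP port is open, RCE is possible; for details, see the readme in the extracted archive. This is not unconditional RCE...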

AI score 7.1
Exploits 0
CNVD
added 2020/09/23 12:0 a.m. | 2 views

IBM Data Risk Manager Hardcoded Credentials Vulnerability

IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A hard-coded credentials vulnerability exists in IBM Data Risk Manager 2.0.6. An attacker could exploit the vulnerability to obtain hard-coded credentials such as passwords...

CVSS 7.5 | AI score 9.2 | EPSS 0.01179
Exploits 0 | References 1
Zero Day Initiative
added 2020/09/23 12:0 a.m. | 40 views

Micro Focus Operations Bridge Reporter shrboadmin Use of Hard-coded Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the creation of the shrboadmin user during installation. The...

CVSS 7.3 | AI score 3 | EPSS 0.15776
Exploits 3 | References 1
OSV
added 2020/09/22 2:15 p.m. | 1 views

CVE-2020-4622

IBM Data Risk Manager iDNA 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983...

CVSS 7.5 | AI score 7.3
Exploits 0 | References 2
NVD
added 2020/09/22 2:15 p.m. | 29 views

CVE-2020-4622

IBM Data Risk Manager iDNA 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983...

CVSS 7.5 | EPSS 0.01179
Exploits 0 | References 2
Prion
added 2020/09/22 2:15 p.m. | 13 views

Hardcoded credentials

IBM Data Risk Manager iDNA 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983...

CVSS 5 | AI score 7.3 | EPSS 0.01179
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/09/22 1:55 p.m. | 19 views

CVE-2020-4622

IBM Data Risk Manager iDNA 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983...

CVSS 5.9 | AI score 7.4 | EPSS 0.01179
Exploits 0 | References 2
CVE
added 2020/09/22 1:55 p.m. | 51 views

CVE-2020-4622

CVE-2020-4622 : IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials (password/cryptographic key) used for its own inbound authentication, outbound communication to external components, or encryption of internal data. This could undermine authentication/crypto trust within the produ...

CVSS 7.5 | AI score 7.8 | EPSS 0.01179
Exploits 0 | References 2 | Affected Software 1
OSV
added 2020/09/03 5:15 p.m. | 3 views

CVE-2020-24876

Use of a hard-coded cryptographic key in Pancake versions 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 2