PT-2023-19648 · Electra · Electra Central Ac Unit

Name of the Vulnerable Software and Affected Versions: Electra Central AC unit affected versions not specified Description: The issue concerns hardcoded credentials in unspecified code used by the Electra Central AC unit. There is no information provided about the estimated number of potentially...

CVE-2023-24501

CVE-2023-24501 affects the Electra Central AC unit, where hardcoded credentials are present in unspecified code used by the unit. The security impact is high across confidentiality, integrity, and availability, with a network attack surface and no user interaction required. The available document...

CVE-2022-37255

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603...

Hardcoded credentials

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to...

Hardcoded credentials

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

JVN#40604023: Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Version| Vector| Score ---|---|--- CVSS v3|...

Hardcoded credentials

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

Hardcoded credentials

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parsedocument. This AST can then be converted to HTML via html::formatdocumentwithplugins. However, the HTML...

Hardcoded credentials

A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

PT-2023-7104 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to the use of hardcoded credentials in the Osprey Pump Controller software. This allows a remote attacker to gain full access to the web management interface configuration...

Hardcoded credentials

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...

Hardcoded credentials

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

Hardcoded credentials

A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system...

Hardcoded credentials

Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...

Hardcoded credentials

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...

Hardcoded credentials

Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive information...

PT-2023-1633 · Unknown · Mxsecurity

Name of the Vulnerable Software and Affected Versions: MXsecurity version 1.0 Description: The issue is related to hardcoded credentials in MXsecurity, which can be exploited to craft arbitrary JWT tokens and bypass authentication for web-based APIs. This allows a remote attacker to elevate their...

Hardcoded credentials

Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336...

Hardcoded credentials

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...

CVE-2022-46637

Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services...