CVE-2022-4780 hard coded credentials in elvexys ISOS firmwares

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780 hard coded credentials in elvexys ISOS firmwares

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change...

CVE-2022-4780

Summary: CVE-2022-4780 affects ISOS firmwares 1.81–2.00, due to hardcoded credentials in the embedded StreamX installer. The root cause is fixed credentials that integrators are not forced to change, enabling potential unauthorized access to the appliance/update flow. Impact (as stated): unauthor...

PT-2022-28087 · Isos · Isos

Name of the Vulnerable Software and Affected Versions: ISOS firmwares versions 1.81 through 2.00 Description: The issue concerns hardcoded credentials in the embedded StreamX installer within ISOS firmwares. These credentials are not mandatory for integrators to change, posing a security risk...

Hardcoded credentials

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability...

Hardcoded credentials

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...

Hardcoded credentials

When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox 107...

Hardcoded credentials

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

Hardcoded credentials

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Hardcoded credentials

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface...

Hardcoded credentials

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...

Hardcoded credentials

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed...

Click Studios Passwordstate 信任管理问题漏洞

Click Studios Passwordstate passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program provides you with the ability to save yo...

Hardcoded credentials

Mutiny 7.2.0-10788 suffers from Hardcoded root password...

PT-2022-6297 · Апекс-Вуз · Апекс-Вуз

Name of the Vulnerable Software and Affected Versions: Апекс-ВУЗ affected versions not specified Description: The issue is related to the use of hardcoded credentials in the Апекс-ВУЗ education automation system. Exploitation of this issue may allow a remote attacker to gain full access to the...

Hardcoded credentials

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks...

Hardcoded credentials

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service DoS for the user if services like fail2ban are used...

PT-2022-5909 · Ami · Ami Megarac Baseboard Management Controller

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC Baseboard Management Controller BMC affected versions not specified Description: The issue is related to the use of hardcoded credentials in the AMI MegaRAC Baseboard Management Controller BMC firmware. An attacker can exploit thi...

CVE-2022-44096

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel...

CVE-2022-44097

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel...