Sitecore XP CVE-2025-34511 Post-Authentication File Upload

This module exploits CVE-2025-34511, a file upload vulnerability in PowerShell extensions. The module exploits also CVE-2025-34509 - hardcoded credentials of ServicesAPI account - to gain foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534511 msf exploitsitecorexpcve20253451...

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...

PT-2025-37053

Name of the Vulnerable Software and Affected Versions: Dietly version 1.25.0 Description: The application contains hardcoded credentials, potentially allowing attackers to gain sensitive information. Recommendations: Update to a version without hardcoded credentials. At the moment, there is no...

CVE-2025-56466

The CVE-2025-56466 entry concerns the Dietly Android app (version 1.25.0). The connected documents confirm a hardcoded credential issue in Dietly v1.25.0, which can lead to disclosure of sensitive information. The vulnerability arises from credentials hardcoded into the application, enabling atta...

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...

CVE-2025-56466

Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information...

CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6

The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...

CVE-2025-9696 Use of Hard-coded Credentials in SunPower PVS6

The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the...

Tenda F1202 安全漏洞

The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 version 1.2.0.9, 1.2.0.14, and 1.2.0.20, which originates in the file /etcro/shadow, where an action on the input Fireitup can result in hardcoded...

CVE-2025-9380

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is...

CVE-2025-9310

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...

CVE-2025-9091

A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etcro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high...

Belkin F9K1009 and Belkin F9K1010 Hardcoded Credential Vulnerabilities

The Belkin F9K1009 and Belkin F9K1010 are both a wireless router from Belkin Canada. The Belkin F9K1009 and Belkin F9K1010 have a hard-coded credential vulnerability that can be exploited by an attacker to gain access to the devices...

PT-2025-32361 · Belkin · Belkin F9K1009 +1

Name of the Vulnerable Software and Affected Versions: Belkin F9K1009 versions 2.00.04 through 2.00.09 Belkin F9K1010 versions 2.00.04 through 2.00.09 Description: A critical issue exists in the Web Interface component due to hard-coded credentials. This allows for remote attacks. The exploit has...

CVE-2014-125121

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

CVE-2019-19145

Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords...

CVE-2014-125121 Array Networks vAPV and vxAG Default Credential Privilege Escalation

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

PT-2025-31541 · Undefined · Undefined

Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...

Android-Reports-and-Resources

It is an offensive tool for Android. This repository contains a list of Android Hackerone disclosed reports and other resources, including hardcoded credentials, WebView vulnerabilities, insecure deeplinks, and RCE/ACE exploits. The primary report is CVE-2021-XXXX-XXXX, but only a few reports are...