3043 matches found

Positive Technologies
added 2023/10/10 12:0 a.m. · 4 views

PT-2023-8552 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to the fixed version
Description: The BIG-IP SPK TMM contains hardcoded credentials in the f5-debug-sidecar and f5-debug-sshd containers. This may allow an attacker to impersonate the SPK Secure Shell SSH server on those...

CVSS 7.4 · AI score 7.2 · EPSS 0.00376
Exploits 0 · References 4

Prion
added 2023/10/05 5:15 p.m. · 12 views

Hardcoded credentials

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records...

CVSS 6.4 · AI score 8.9 · EPSS 0.00494
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/09/30 1:15 a.m. · 16 views

Hardcoded credentials

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0...

CVSS 5 · AI score 6 · EPSS 0.00541
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/09/21 5:15 p.m. · 26 views

Hardcoded credentials

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsf{cid}$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...

CVSS 4.7 · AI score 6.4 · EPSS 0.00413
Exploits 0 · References 4 · Affected Software 1

Prion
added 2023/09/21 2:15 p.m. · 15 views

Hardcoded credentials

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options”. The communication with this server is done using...

CVSS 6.5 · AI score 9.4 · EPSS 0.00545
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/09/19 12:0 a.m. · 2 views

PT-2023-7770 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified
Description: The issue is related to the use of hardcoded credentials in a monitoring tool. Exploitation of this issue may allow an attacker to read, modify, or delete data, execute arbitrary code, or...

CVSS 1.4 · AI score 7.4
Exploits 0 · References 3

Prion
added 2023/09/18 4:15 p.m. · 22 views

Hardcoded credentials

An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...

CVSS 6.5 · AI score 8.8 · EPSS 0.0116
Exploits 1 · References 3 · Affected Software 1

Prion
added 2023/09/13 1:15 p.m. · 18 views

Hardcoded credentials

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

CVSS 4.3 · AI score 7.5 · EPSS 0.00191
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/09/12 12:15 p.m. · 25 views

Hardcoded credentials

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

CVSS 6.4 · AI score 6.5 · EPSS 0.00263
Exploits 0 · References 4 · Affected Software 1

Prion
added 2023/09/10 1:15 a.m. · 20 views

Hardcoded credentials

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92...

CVSS 1.9 · AI score 7.5 · EPSS 0.00399
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/09/10 1:15 a.m. · 15 views

Hardcoded credentials

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92...

CVSS 3.6 · AI score 7.5 · EPSS 0.00356
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/09/08 5:15 p.m. · 29 views

Hardcoded credentials

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...

CVSS 5.8 · AI score 6.4 · EPSS 0.00798
Exploits 0 · References 6 · Affected Software 1

OSV
added 2023/09/07 1:15 p.m. · 4 views

CVE-2023-39424

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

CVSS 8.8 · AI score 6 · EPSS 0.00737
Exploits 0 · References 1

NVD
added 2023/09/07 1:15 p.m. · 15 views

CVE-2023-39424

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

CVSS 9.9 · AI score 9.6 · EPSS 0.00737
Exploits 0 · References 1

Prion
added 2023/09/07 1:15 p.m. · 35 views

Hardcoded credentials

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

CVSS 6.5 · AI score 9 · EPSS 0.00737
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/09/07 1:15 p.m. · 22 views

Hardcoded credentials

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...

CVSS 4 · AI score 7.5 · EPSS 0.00392
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/09/07 12:25 p.m. · 48 views

CVE-2023-39424

CVE-2023-39424 affects the RDPngFileUpload.dll component used by the IRM Next Generation booking system. The vulnerability allows a remote attacker to upload arbitrary content (e.g., a web shell) to the SQL database and execute it with SYSTEM privileges. Authentication is required for exploitatio...

CVSS 9.9 · AI score 9.5 · EPSS 0.00737
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/09/07 12:25 p.m. · 13 views

CVE-2023-39424 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

CVSS 9.9 · AI score 7.8 · EPSS 0.00737
Exploits 0 · References 1

Cvelist
added 2023/09/07 12:25 p.m. · 15 views

CVE-2023-39424 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

CVSS 9.9 · AI score 10 · EPSS 0.00737
Exploits 0 · References 1

Prion
added 2023/09/06 10:15 a.m. · 26 views

Hardcoded credentials

Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...

CVSS 5.8 · AI score 8.8 · EPSS 0.00344
Exploits 0 · References 3 · Affected Software 2