3043 matches found
PT-2023-8552 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to the fixed version Description: The BIG-IP SPK TMM contains hardcoded credentials in the f5-debug-sidecar and f5-debug-sshd containers. This may allow an attacker to impersonate the SPK Secure Shell SSH server on those...
Hardcoded credentials
Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records...
Hardcoded credentials
Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0...
Hardcoded credentials
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsfcid$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...
Hardcoded credentials
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using...
PT-2023-7770 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the use of hardcoded credentials in a monitoring tool. Exploitation of this issue may allow an attacker to read, modify, or delete data, execute arbitrary code, or...
Hardcoded credentials
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...
Hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
Hardcoded credentials
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...
Hardcoded credentials
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92...
Hardcoded credentials
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92...
Hardcoded credentials
The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...
CVE-2023-39424
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...
CVE-2023-39424
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...
Hardcoded credentials
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...
Hardcoded credentials
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...
CVE-2023-39424
CVE-2023-39424 affects the RDPngFileUpload.dll component used by the IRM Next Generation booking system. The vulnerability allows a remote attacker to upload arbitrary content (e.g., a web shell) to the SQL database and execute it with SYSTEM privileges. Authentication is required for exploitatio...
CVE-2023-39424 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...
CVE-2023-39424 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...
Hardcoded credentials
Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...