3041 matches found
Hardcoded credentials
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...
PT-2023-4529 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10 Description: The issue is related to the use of hardcoded credentials in the web panels for managing and monitoring processes in industrial systems. An authenticated, remote...
Hardcoded credentials
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password PIN: 385521, 843646, and 592671...
Hardcoded credentials
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions...
Hardcoded credentials
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...
Hardcoded credentials
Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through...
Hardcoded credentials
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details:...
Hardcoded credentials
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details:...
Hardcoded credentials
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...
Hardcoded credentials
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34128
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34128
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
Hardcoded credentials
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34128
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34128
The CVE maps to SonicWall GMS and Analytics where Tomcat credentials are hardcoded in the GMS/Analytics configuration file. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analytics 2.5.0.4-R7 and earlier. Root cause: hardcoded Tomcat credentials in the configuration file, which ca...
SonicWALL Analytics和GMS 安全漏洞
SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web.SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...
PT-2023-5755 · Sonicwall +1 · Sonicwall Gms +2
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to hardcoded Tomcat application credentials in the SonicWall GMS and Analytics configuration file. This could...
Hardcoded credentials
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...
Hardcoded credentials
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...
Hardcoded credentials
The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges...