3041 matches found
Hardcoded credentials
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...
Hardcoded credentials
AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...
Hardcoded credentials
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...
Hardcoded credentials
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...
Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6852)
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
Schneider Electric BMX Use of Hard-coded Credentials (CVE-2019-6812)
A CWE-798 use of hardcoded credentials vulnerability exists in BMX- NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Schneider Electric Modicon Use of Hard-coded Credentials (CVE-2019-6859)
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...
Hardcoded credentials
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...
Hardcoded credentials
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
Hardcoded credentials
Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...
Hardcoded credentials
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
Hardcoded credentials
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
Siemens SICAM A8000 Devices CPCI85 Firmware Hardcoded Credentials Vulnerability
The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to log...
CVE-2023-32751
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...
Hardcoded credentials
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption...
CVE-2022-4333
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
Hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2022-4333
CVE-2022-4333 concerns Sprecher Automation SPRECON-E CPU variants with hardcoded credentials that enable a remote attacker to take over the device. Multiple connected sources (Red Hat advisory, Tenable OT plugin, CVE records, and vendor/PT/security databases) consistently describe a vulnerability...
CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...