1190 matches found
CVE-2022-38337
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service DoS for the user if services like fail2ban are used...
CVE-2022-37832
Mutiny 7.2.0-10788 suffers from Hardcoded root password...
CVE-2022-35491
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2025-68718
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...
CVE-2013-7382
VICIDIAL dialer aka Asterisk GUI client 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the 1 VDAD and 2 VDCL users, which makes it easier for remote attackers to obtain access...
CVE-2019-12920
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...
📄 Backdoor.Win32.ControlTotal.t Hardcoded-Password Backdoor
This tool was design to leverage a hardcoded password backdoor in Backdoor.Win32.ControlTotal.t to simulate communications with the malware. ============================================================================================================================================= | Title :...
CVE-2025-41696 Hardcoded User Password
An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...
CVE-2025-12676
The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attacke...
CVE-2025-12676
The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attacke...
CVE-2025-12676 KiotViet Sync <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass
The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attacke...
PT-2025-45094
Name of the Vulnerable Software and Affected Versions KiotViet Sync plugin for WordPress versions up to and including 1.8.5 Description The KiotViet Sync plugin for WordPress is susceptible to authorization bypass. This is caused by the use of a hardcoded password for authentication within the...
EUVD-2019-16058
Malware in sbrugna...
EUVD-2019-6778
Malware in sbrugna...
EUVD-2015-8246
Malware in sbrugna...
EUVD-2013-4302
Malware in sbrugna...
EUVD-2013-5768
Malware in sbrugna...
EUVD-2014-5284
Malware in sbrugna...
EUVD-2019-5536
Malware in sbrugna...