7554 matches found
CVE-2025-57174
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 uses static AES encryption keys hardcoded in the binary. These keys are identical across all...
CVE-2025-57174
CVE-2025-57174 covers Siklu EtherHaul EH-8010/EH-1200 devices (firmware 7.4.0–10.7.3) where the rfpiped service on TCP port 555 uses static, hardcoded AES keys. The keys are identical across devices, enabling an unauthenticated attacker to craft encrypted packets and trigger remote command execu...
gosec
This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...
shiro-exploit
This is a Python script for exploiting a vulnerability in Apache Shiro, a Java-based security framework. The script is designed to bypass authentication and authorization checks in Shiro, allowing an attacker to gain unauthorized access to sensitive data. The script uses the Crypto.Cipher module ...
PT-2025-37368
Name of the Vulnerable Software and Affected Versions: Siklu Communications Etherhaul 8010TX and 1200FX devices versions 7.4.0 through 10.7.3. Description: An issue exists in the rfpiped service, listening on TCP port 555, which utilizes static AES encryption keys hardcoded within the binary. These...
PT-2025-37370
Name of the Vulnerable Software and Affected Versions: Ceragon Networks / Siklu Communication EtherHaul series versions 7.4.0 through 10.7.3. Description: The rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak...
PT-2025-37369
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10 6 2-18707-ea552dc00b devices have a static root password...
CVE-2025-56466
Hardcoded credentials in Dietly v1.25.0 for Android allow attackers to gain sensitive information...
📄 Sitecore XP Post-Authentication File Upload
This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Sitecore XP Post-Authentication Remote Code Execution
This Metasploit module exploits Sitecore XP with a path traversal that leads to remote code execution as well as a hardcoded credential vulnerability in the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution
This module exploits CVE-2025-34510, a path traversal leading to remote code execution. The module also exploits CVE-2025-34509 - hardcoded credentials of the ServicesAPI account - to gain a foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534510 msf exploitsitecorexpcve202534510 sho...
Sitecore XP CVE-2025-34511 Post-Authentication File Upload
This module exploits CVE-2025-34511, a file upload vulnerability in PowerShell extensions. The module also exploits CVE-2025-34509 - hardcoded credentials of the ServicesAPI account - to gain a foothold. Module Options msf use exploit/windows/http/sitecorexpcve202534511 msf exploitsitecorexpcve20253451...
CVE-2025-10221 Hardcoded Password Exposure in AxxonNet (C-WerkNet) ARP Agent Logs
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords...
CVE-2025-10221
CVE-2025-10221 concerns the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows. The root cause is insertion of sensitive information into TRACE log files, allowing a local attacker to read serialized JSON with passwords and obtain plaintext credentials....
CVE-2025-56466
The CVE-2025-56466 entry concerns the Dietly Android app (version 1.25.0). The connected documents confirm a hardcoded credential issue in Dietly v1.25.0, which can lead to disclosure of sensitive information. The vulnerability arises from credentials hardcoded into the application, enabling atta...