7557 matches found
Exploit for Server-Side Request Forgery in Havocframework Havoc
Havoc-C2-RCE CVE-2024-41570 This is a Chained RCE CVE-2024-...
CVE-2024-48126
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access...
PT-2025-2792 · Unknown · Hi-Scan 6040I
Name of the Vulnerable Software and Affected Versions: HI-SCAN 6040i Hitrax HX-03-19-I Description: The issue concerns hardcoded credentials in the system, which could allow unauthorized access to vendor support and service access. Recommendations: For HI-SCAN 6040i Hitrax HX-03-19-I, consider...
CVE-2024-48126
CVE-2024-48126 affects the HI-SCAN 6040i Hitrax HX-03-19-I: hardcoded credentials in the device enable access to vendor support and service functions. The vulnerability is rated CVSS v3.1: 9.8 (CRITICAL) with Network attack vector and no authentication required, causing high confidentiality, inte...
CVE-2024-7344
Howyar UEFI Application "Reloader" 32-bit and 64-bit is vulnerable to execution of unsigned software in a hardcoded path...
CVE-2024-7344 Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
CVE-2024-57811
In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to an XC-303 PLC can log in as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton...
CVE-2024-57811
CVE-2024-57811 affects Eaton X303 firmware 3.5.16–3.5.17 Build 712. An attacker with network access to the XC-303 PLC can log in as root over SSH because the root password is hardcoded in the firmware. The advisory notes these vulnerable versions are no longer supported by Eaton. No patch/version...
CVE-2024-53522
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information...
CVE-2024-53522
CVE-2024-53522 affects Bangkok Medical Software HOSxP XE v4.64.11.3, with a root cause described as a hardcoded IDEA Key-IV pair in HOSxPXE4.exe and HOS-WIN32.INI components. This leakage enables attackers to access sensitive information. Multiple sources (NVD, Red Hat, CNNVD, CVE listings) confi...
CVE-2024-41885 Hardcoding sensitive information
Team ENVY, a security research team, has found a flaw that allows remote code execution on the NVR. The seed string for the encryption key was hardcoded. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds...
PT-2024-29616 · Nvr · Nvr
Name of the Vulnerable Software and Affected Versions: NVR affected versions not specified Description: A security research team, Team ENVY, has discovered a flaw that allows for remote code execution on the NVR. The issue stems from a hardcoded seed string for the encryption key. The manufacture...
CVE-2024-4996 Hardcoded Password in Wapro ERP Desktop
Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same across all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90....