The vulnerability of the software recovery and backup console of Veeam Recovery Orchestrator allows a perpetrator to escalate their privileges.

The vulnerability of the software recovery and backup console of Veeam Recovery Orchestrator lies in the use of rigidly encoded credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain increased privileges...

Schneider Electric EcoStruxure IT Gateway Trust Management Issue Vulnerability

Schneider Electric EcoStruxure IT Gateway is a suite of cloud-based Data Center Management-as-a-Service DMaaS products from Schneider Electric, France. A trust management issue vulnerability exists in Schneider Electric EcoStruxure IT Gateway version 1.20.x and prior versions, which stems from th...

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

CVE-2024-3699 Hardcoded password in drEryk Gabinet

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0...

CVE-2024-3699 Hardcoded password in drEryk Gabinet

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0...

CVE-2024-1228 Hardcoded password in Eurosoft Przychodnia

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 from that version...

Authentication Bypass / Remote Code Execution (RCE)

dtale is vulnerable to Authentication Bypass / Remote Code Execution RCE. The vulnerability is due to improper input validation and the presence of a hardcoded SECRETKEY in the Flask configuration, allowing attackers to forge a session cookie. Additionally, there is improper validation of custom...

Authentication bypass in dtale

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

PYSEC-2024-117

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

PYSEC-2024-117

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVE-2024-3408 Authentication Bypass and RCE in man-group/dtale

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution RCE due to improper input validation. The vulnerability arises from a hardcoded SECRETKEY in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVE-2024-36782

TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVE-2024-36782

TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVE-2024-36782

TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

PT-2024-27160 · Totolink · Totolink Cp300+

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300 version 2.0.4-B20201102 Description: A hardcoded password vulnerability was discovered in /etc/shadow.sample, allowing attackers to log in as root. This issue enables unauthorized access to the system. Recommendations: For...

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420 LenelS2 NetBox Hardcoded Credentials

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420 LenelS2 NetBox Hardcoded Credentials

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...