
7572 matches found

Prion
added 2023/09/18 4:15 p.m. · 22 views

Hardcoded credentials

An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...

6.5 CVSS · 8.8 AI score · 0.0116 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/09/18 12:0 a.m. · 19 views

CVE-2023-42328

An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...

9 AI score · 0.0116 EPSS
Exploits: 1 · References: 3
CVE
added 2023/09/18 12:0 a.m. · 2537 views

CVE-2023-42328

PeppermintLabs Peppermint v0.2.4 and earlier are affected by a vulnerability where a hardcoded session cookie allows a remote attacker to obtain sensitive information and execute arbitrary code. Root cause: hardcoded session cookie in Peppermint; impact is high (CVE-2023-42328, CVSS v3.1: AV:N/AC...

8.8 CVSS · 8.7 AI score · 0.0116 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/09/18 12:0 a.m. · 4 views

PT-2023-28317 · Peppermintlabs · Peppermint

Name of the Vulnerable Software and Affected Versions: PeppermintLabs Peppermint versions 0.2.4 and earlier Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. Recommendations: For PeppermintLabs Peppermint...

8.8 CVSS · 8.6 AI score · 0.0116 EPSS
Exploits: 1 · References: 7
Prion
added 2023/09/13 1:15 p.m. · 18 views

Hardcoded credentials

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

4.3 CVSS · 7.5 AI score · 0.00191 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2023/09/12 12:15 p.m. · 12 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

6.5 CVSS · 6.5 AI score · 0.00263 EPSS
Exploits: 0 · References: 4
OSV
added 2023/09/12 12:15 p.m. · 3 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

6.5 CVSS · 5.8 AI score · 0.00263 EPSS
Exploits: 0 · References: 4
ATTACKERKB
added 2023/09/12 12:15 p.m. · 2 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

6.5 CVSS · 6.6 AI score · 0.00263 EPSS
Exploits: 0 · References: 5
Prion
added 2023/09/12 12:15 p.m. · 25 views

Hardcoded credentials

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

6.4 CVSS · 6.5 AI score · 0.00263 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/09/12 12:0 a.m. · 4 views

PT-2023-20985 · Xpand It · Xpand It Write-Back Manager

Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back manager version 2.3.1 Description: The issue arises from the use of a hardcoded salt in the license class configuration, leading to the generation of hardcoded and predictable symmetric encryption keys for license generati...

6.5 CVSS · 6.3 AI score · 0.00263 EPSS
Exploits: 0 · References: 8
Vulnrichment
added 2023/09/12 12:0 a.m. · 14 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

6.9 AI score · 0.00263 EPSS
Exploits: 0 · References: 4
Cvelist
added 2023/09/12 12:0 a.m. · 19 views

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...

6.7 AI score · 0.00263 EPSS
Exploits: 0 · References: 4
CVE
added 2023/09/12 12:0 a.m. · 43 views

CVE-2023-27169

CVE-2023-27169 affects Xpand IT Write-back manager version 2.3.1. A hardcoded salt in the license class configuration leads to generation of a hardcoded and predictable symmetric encryption key used for license generation and validation. Impact is described as creation/validation of licenses with...

6.5 CVSS · 6.4 AI score · 0.00263 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Code423n4
added 2023/09/11 12:0 a.m. · 3 views

Return value of ETH

Lines of code Vulnerability details Impact It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert. Proof of Concept uint256 sc = uint256uint1600x0000000000000000000000000000000000000000; assembly "memory-safe"...

6.9 AI score
Exploits: 0
Prion
added 2023/09/10 1:15 a.m. · 14 views

Hardcoded credentials

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92...

3.6 CVSS · 7.5 AI score · 0.00356 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2023/09/10 1:15 a.m. · 20 views

Hardcoded credentials

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92...

1.9 CVSS · 7.5 AI score · 0.00399 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2023/09/08 5:15 p.m. · 29 views

Hardcoded credentials

The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...

5.8 CVSS · 6.4 AI score · 0.00798 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2023/09/07 1:15 p.m. · 2 views

CVE-2023-39421

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...

7.7 CVSS · 5.8 AI score
Exploits: 0 · References: 1
OSV
added 2023/09/07 1:15 p.m. · 4 views

CVE-2023-39424

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

8.8 CVSS · 6 AI score · 0.00737 EPSS
Exploits: 0 · References: 1
NVD
added 2023/09/07 1:15 p.m. · 14 views

CVE-2023-39424

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

9.9 CVSS · 9.6 AI score · 0.00737 EPSS
Exploits: 0 · References: 1