Hardcoded credentials
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...
CVE-2023-42328
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...
CVE-2023-42328
PeppermintLabs Peppermint v0.2.4 and earlier are affected by a vulnerability where a hardcoded session cookie allows a remote attacker to obtain sensitive information and execute arbitrary code. Root cause: hardcoded session cookie in Peppermint; impact is high (CVE-2023-42328, CVSS v3.1: AV:N/AC...
PT-2023-28317 · Peppermintlabs · Peppermint
Name of the Vulnerable Software and Affected Versions: PeppermintLabs Peppermint versions 0.2.4 and earlier. Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. Recommendations: For PeppermintLabs Peppermint...
Hardcoded credentials
A use of hard-coded credentials vulnerability (CWE-798) in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...
CVE-2023-27169
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration, which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...
Hardcoded credentials
Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration, which leads to the generation of hardcoded and predictable symmetric encryption keys for license generation and validation...
PT-2023-20985 · Xpand It · Xpand It Write-Back Manager
Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back manager version 2.3.1. Description: The issue arises from the use of a hardcoded salt in the license class configuration, leading to the generation of hardcoded and predictable symmetric encryption keys for license generati...
CVE-2023-27169
CVE-2023-27169 affects Xpand IT Write-back manager version 2.3.1. A hardcoded salt in the license class configuration leads to generation of a hardcoded and predictable symmetric encryption key used for license generation and validation. Impact is described as creation/validation of licenses with...
Return value of ETH
Lines of code. Vulnerability details. Impact: It is recommended that the return values of ether transfers be checked; however, if the transfer to the hardcoded address fails, it does not revert. Proof of Concept: uint256 sc = uint256(uint160(0x0000000000000000000000000000000000000000)); assembly ("memory-safe")...
Hardcoded credentials
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92...
Hardcoded credentials
The html/template package does not apply the proper rules for handling occurrences of " contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack...
CVE-2023-39421
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...
CVE-2023-39424
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...