Lucene search
K

7572 matches found

NVD
NVD
added 2023/09/07 1:15 p.m.17 views

CVE-2023-39421

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...

7.7CVSS7.6AI score0.00392EPSS
Exploits0References1
Prion
Prion
added 2023/09/07 1:15 p.m.35 views

Hardcoded credentials

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

6.5CVSS9AI score0.00737EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/07 1:15 p.m.22 views

Hardcoded credentials

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services...

4CVSS7.5AI score0.00392EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/09/07 12:25 p.m.48 views

CVE-2023-39424

CVE-2023-39424 affects the RDPngFileUpload.dll component used by the IRM Next Generation booking system. The vulnerability allows a remote attacker to upload arbitrary content (e.g., a web shell) to the SQL database and execute it with SYSTEM privileges. Authentication is required for exploitatio...

9.9CVSS9.5AI score0.00737EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/07 12:25 p.m.15 views

CVE-2023-39424 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

9.9CVSS10AI score0.00737EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/07 12:25 p.m.13 views

CVE-2023-39424 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content such as a web shell component to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but c...

9.9CVSS7.8AI score0.00737EPSS
Exploits0References1
CVE
CVE
added 2023/09/07 12:19 p.m.2486 views

CVE-2023-39421

CVE-2023-39421 involves the RDPWin.dll component used by the IRM Next Generation booking engine, which contains hardcoded API keys for third‑party services (Twilio, Vonage). The root cause is hardcoded credentials in RDPWin.dll, enabling unrestricted interaction with these services. NVD assigns a...

7.7CVSS7.6AI score0.00392EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/07 12:0 a.m.9 views

PT-2023-26942 · Twilio +1 · Twilio +1

Name of the Vulnerable Software and Affected Versions: IRM Next Generation booking engine affected versions not specified Description: The RDPWin.dll component includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with...

7.7CVSS7.5AI score0.00392EPSS
Exploits0References7
Prion
Prion
added 2023/09/06 10:15 a.m.26 views

Hardcoded credentials

Archer C50 firmware versions prior to 'Archer C50JPV3230505' and Archer C55 firmware versions prior to 'Archer C55JPV1230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command...

5.8CVSS8.8AI score0.00344EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2023/09/05 9:15 p.m.18 views

Hardcoded credentials

A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel...

7.5CVSS9.4AI score0.01144EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.9 views

PT-2023-4915 · Unknown · Super Store Finder

Name of the Vulnerable Software and Affected Versions: Super Store Finder version 3.6 Description: The issue is related to the use of hardcoded credentials in the Super Store Finder Google Maps API integration, allowing a remote attacker to gain access to the administration panel. A hardcoded...

10CVSS9.4AI score0.01144EPSS
Exploits1References9
Prion
Prion
added 2023/09/02 1:15 p.m.22 views

Hardcoded credentials

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

2.6CVSS5.5AI score0.00369EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/02 12:31 p.m.9 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

7.5CVSS6.3AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/02 12:31 p.m.16 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

7.5CVSS7.5AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2023/08/31 6:15 a.m.4 views

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

4.9CVSS5.8AI score0.0056EPSS
Exploits0References3
NVD
NVD
added 2023/08/31 6:15 a.m.16 views

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

4.9CVSS4.8AI score0.0056EPSS
Exploits0References3
Prion
Prion
added 2023/08/31 6:15 a.m.22 views

Hardcoded credentials

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

3.3CVSS4.8AI score0.0056EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/08/31 5:33 a.m.58 views

CVE-2023-3404

The CVE affects the ProfileGrid WordPress plugin up to version 5.5.0. The root cause is a hardcoded passphrase and IV in the pm_encrypt_decrypt_pass function, shared across sites. This allows an authenticated attacker with administrator-level permissions to decrypt and view users’ passwords. Impa...

4.9CVSS4.8AI score0.0056EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.4 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.9CVSS6.5AI score0.0056EPSS
Exploits0References4
Veracode
Veracode
added 2023/08/29 9:30 a.m.21 views

Hardcoded DNS Key

github.com/gravitl/netmaker uses a Hardcoded DNS Key. The vulnerability exists because the library does not securely set a DNS secret key, which allows an attacker to access DNS related API endpoints...

7.5CVSS6.7AI score0.03147EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder