
7580 matches found

Vulnrichment
added 2023/09/02 12:31 p.m. | 9 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

7.5 CVSS | 6.3 AI score | 0.00369 EPSS
Exploits 0 | References 1

Cvelist
added 2023/09/02 12:31 p.m. | 16 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

7.5 CVSS | 7.5 AI score | 0.00369 EPSS
Exploits 0 | References 1

NVD
added 2023/08/31 6:15 a.m. | 16 views

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and IV being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it...

4.9 CVSS | 4.8 AI score | 0.0056 EPSS
Exploits 0 | References 3

OSV
added 2023/08/31 6:15 a.m. | 4 views

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and IV being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it...

4.9 CVSS | 5.8 AI score | 0.0056 EPSS
Exploits 0 | References 3

Prion
added 2023/08/31 6:15 a.m. | 22 views

Hardcoded credentials

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and IV being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it...

3.3 CVSS | 4.8 AI score | 0.0056 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2023/08/31 5:33 a.m. | 58 views

CVE-2023-3404

The CVE affects the ProfileGrid WordPress plugin up to version 5.5.0. The root cause is a hardcoded passphrase and IV in the pm_encrypt_decrypt_pass function, shared across sites. This allows an authenticated attacker with administrator-level permissions to decrypt and view users’ passwords. Impa...

4.9 CVSS | 4.8 AI score | 0.0056 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2023/08/31 12:0 a.m. | 4 views

WordPress plugin ProfileGrid Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

4.9 CVSS | 6.5 AI score | 0.0056 EPSS
Exploits 0 | References 4

Veracode
added 2023/08/29 9:30 a.m. | 21 views

Hardcoded DNS Key

github.com/gravitl/netmaker uses a Hardcoded DNS Key. The vulnerability exists because the library does not securely set a DNS secret key, which allows an attacker to access DNS related API endpoints...

7.5 CVSS | 6.7 AI score | 0.03147 EPSS
Exploits 0 | References 4 | Affected Software 1

Prion
added 2023/08/29 9:15 a.m. | 21 views

Hardcoded credentials

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), which allows service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

4.6 CVSS | 8.3 AI score | 0.00176 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2023/08/28 4:15 a.m. | 21 views

Hardcoded credentials

SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service...

7.5 CVSS | 9.5 AI score | 0.0064 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2023/08/28 4:15 a.m. | 20 views

Hardcoded credentials

SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service...

7.5 CVSS | 9.4 AI score | 0.00619 EPSS
Exploits 0 | References 1 | Affected Software 1

Github Security Blog
added 2023/08/25 6:38 p.m. | 35 views

Netmaker has Hardcoded DNS Secret Key

Impact: Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. Patches: Issue is patched in 0.17.1, and fixed in 0.18.6+. If users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will...

7.5 CVSS | 6.9 AI score | 0.03147 EPSS
Exploits 0 | References 6 | Affected Software 1

Prion
added 2023/08/24 10:15 p.m. | 25 views

Hardcoded credentials

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

5 CVSS | 7.3 AI score | 0.03147 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2023/08/24 9:23 p.m. | 47 views

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

7.5 CVSS | 7.5 AI score | 0.03147 EPSS
Exploits 0 | References 4

Vulnrichment
added 2023/08/24 9:23 p.m. | 12 views

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

7.5 CVSS | 6.6 AI score | 0.03147 EPSS
Exploits 0 | References 4

Prion
added 2023/08/24 7:15 p.m. | 15 views

Hardcoded credentials

The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device...

6.5 CVSS | 8.6 AI score | 0.00691 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/08/24 12:0 a.m. | 20 views

Moxa NPort IAW5000A-I/O Series Hardcoded Credentials (CVE-2023-4204)

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability which poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate...

9.8 CVSS | 8.3 AI score | 0.00337 EPSS
Exploits 0 | References 2

Zero Day Initiative
added 2023/08/24 12:0 a.m. | 31 views

(Pwn2Own) HP LaserJet Pro M479fdw bksettings Hardcoded Cryptographic Key Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of HP LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Backup and Restore functionality. The issue results from a...

8.8 CVSS | 7.5 AI score | 0.00453 EPSS
Exploits 0 | References 1

Positive Technologies
added 2023/08/24 12:0 a.m. | 5 views

PT-2023-23588

Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.17.1; Netmaker versions 0.18.0 through 0.18.5. Description: Hardcoded DNS key usage has been found in Netmaker, allowing unauthorized users to interact with DNS API endpoints. The issue is patched in version 0.17.1 an...

7.5 CVSS | 6.9 AI score | 0.03147 EPSS
Exploits 0 | References 14

Prion
added 2023/08/23 8:15 p.m. | 21 views

Hardcoded credentials

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential...

4 CVSS | 6.3 AI score | 0.00168 EPSS
Exploits 0 | References 1 | Affected Software 87