7575 matches found

Prion
added 2023/08/11 3:15 a.m. · 12 views

Hardcoded credentials

Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 1.7 · AI score 5.2 · EPSS 0.00156
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/08/09 9:15 a.m. · 13 views

Hardcoded credentials

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3...

CVSS 7.5 · AI score 9.5 · EPSS 0.0064
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/08/09 7:15 a.m. · 4 views

CVE-2023-37857

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 1

OSV
added 2023/08/09 7:15 a.m. · 4 views

CVE-2023-37858

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

CVSS 4.9 · AI score 5.8 · EPSS 0.00339
Exploits 0 · References 1

Prion
added 2023/08/09 7:15 a.m. · 38 views

Hardcoded credentials

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

CVSS 3.3 · AI score 5.1 · EPSS 0.00339
Exploits 0 · References 1 · Affected Software 6

Positive Technologies
added 2023/08/09 12:0 a.m. · 8 views

PT-2023-26968 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified
Description: This issue allows remote attackers to disclose sensitive information on affected installations. Although authentication is required to exploit this issue, the...

CVSS 6.5 · AI score 5.3 · EPSS 0.0111
Exploits 0 · References 4

Positive Technologies
added 2023/08/08 12:0 a.m. · 4 views

PT-2023-4529 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10
Description: The issue is related to the use of hardcoded credentials in the web panels for managing and monitoring processes in industrial systems. An authenticated, remote...

CVSS 7.2 · AI score 6.9 · EPSS 0.00441
Exploits 0 · References 7

Positive Technologies
added 2023/08/08 12:0 a.m. · 5 views

PT-2023-4515 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10
Description: The issue is related to the use of hardcoded credentials in PHOENIX CONTACT WP 6xxx series web panels. An authenticated, remote attacker with admin privileges can...

CVSS 4.9 · AI score 5.1 · EPSS 0.00339
Exploits 0 · References 8

Code423n4
added 2023/08/07 12:0 a.m. · 14 views

Hardcoded slippage of 95% may not be ideal if liquidity is low or during market volatility, may result in revert when depositing or withdrawing

Lines of code · Vulnerability details · Impact: Larger Deposits and/or withdraw may not work with a 95% slippage parameter. If there are many swaps going on, the slippage should be less restrictive to allow for deposits/withdraws. Proof of Concept: In TokenisableRange.sol, the slippage is hardcoded at...

AI score 6.7
Exploits 0

ATTACKERKB
added 2023/08/03 1:15 a.m. · 3 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 5.9 · EPSS 0.0085
Exploits 0 · References 3

OSV
added 2023/08/03 1:15 a.m. · 7 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 5.9 · EPSS 0.0085
Exploits 0 · References 2

CVE
added 2023/08/03 12:0 a.m. · 2520 views

CVE-2023-33371

CVE-2023-33371 affects Control ID IDSecure 4.7.26.0 and earlier. The vulnerability arises from a hardcoded cryptographic key used to sign and verify JWT session tokens, enabling an attacker to forge tokens and bypass authentication. Exploitation details are not provided in these documents, but th...

CVSS 9.8 · AI score 9.3 · EPSS 0.0085
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/08/03 12:0 a.m. · 8 views

PT-2023-24320 · Control Id · Idsecure

Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior
Description: The issue allows attackers to sign arbitrary session tokens and bypass authentication due to the use of a hardcoded cryptographic key for signing and verifying JWT session tokens...

CVSS 9.8 · AI score 7.4 · EPSS 0.0085
Exploits 0 · References 4

Prion
added 2023/07/27 9:15 p.m. · 15 views

Hardcoded credentials

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password PIN: 385521, 843646, and 592671...

CVSS 7.5 · AI score 9.4 · EPSS 0.00828
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/07/26 8:15 a.m. · 17 views

Hardcoded credentials

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions...

CVSS 5 · AI score 7.5 · EPSS 0.0299
Exploits 0 · References 2 · Affected Software 11

OSV
added 2023/07/26 4:15 a.m. · 4 views

CVE-2023-3947

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...

CVSS 5.3 · AI score 7.3 · EPSS 0.00322
Exploits 0 · References 3

CVE
added 2023/07/26 3:34 a.m. · 2503 views

CVE-2023-3947

CVE-2023-3947 affects the WordPress plugin “Video Conferencing with Zoom”. A hardcoded encryption key in vczapi_encrypt_decrypt allows unauthenticated attackers to decrypt and view meeting IDs and passwords for versions up to and including 4.2.1. A fix is available in 4.2.2 (per PatchStack) and i...

CVSS 5.3 · AI score 5.5 · EPSS 0.00322
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/07/26 3:34 a.m. · 8 views

CVE-2023-3947

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...

CVSS 3.7 · AI score 5.2 · EPSS 0.00322
Exploits 0 · References 3

Positive Technologies
added 2023/07/26 12:0 a.m. · 7 views

PT-2023-26960 · WordPress · Video Conferencing With Zoom

Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1
Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi_encrypt_decrypt function. This allows...

CVSS 5.3 · AI score 6.1 · EPSS 0.00322
Exploits 0 · References 7

Prion
added 2023/07/24 2:15 p.m. · 16 views

Hardcoded credentials

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

CVSS 6.5 · AI score 8.5 · EPSS 0.00859
Exploits 1 · References 2 · Affected Software 1