7575 matches found
Hardcoded credentials
Use of hard-coded credentials in some IntelR UnisonTM software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access...
Hardcoded credentials
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3...
CVE-2023-37857
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to...
CVE-2023-37858
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...
Hardcoded credentials
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...
PT-2023-26968 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. Although authentication is required to exploit this issue, the...
PT-2023-4529 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10 Description: The issue is related to the use of hardcoded credentials in the web panels for managing and monitoring processes in industrial systems. An authenticated, remote...
PT-2023-4515 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10 Description: The issue is related to the use of hardcoded credentials in PHOENIX CONTACT WP 6xxx series web panels. An authenticated, remote attacker with admin privileges can...
Hardcoded slippage of 95% may not be ideal if liquidity is low or during market volatility, may result in revert when depositing or withdrawing
Lines of code Vulnerability details Impact Larger Deposits and/or withdraw may not work with a 95% slippage parameter. If there are many swaps going on, the slippage should be less restrictive to allow for deposits/withdraws. Proof of Concept In TokenisableRange.sol, the slippage is hardcoded at...
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...
CVE-2023-33371
CVE-2023-33371 affects Control ID IDSecure 4.7.26.0 and earlier. The vulnerability arises from a hardcoded cryptographic key used to sign and verify JWT session tokens, enabling an attacker to forge tokens and bypass authentication. Exploitation details are not provided in these documents, but th...
PT-2023-24320 · Control Id · Idsecure
Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: The issue allows attackers to sign arbitrary session tokens and bypass authentication due to the use of a hardcoded cryptographic key for signing and verifying JWT session tokens...
Hardcoded credentials
TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password PIN: 385521, 843646, and 592671...
Hardcoded credentials
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions...
CVE-2023-3947
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...
CVE-2023-3947
CVE-2023-3947 affects the WordPress plugin “Video Conferencing with Zoom”. A hardcoded encryption key in vczapi_encrypt_decrypt allows unauthenticated attackers to decrypt and view meeting IDs and passwords for versions up to and including 4.2.1. A fix is available in 4.2.2 (per PatchStack) and i...
CVE-2023-3947
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapiencryptdecrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meetin...
PT-2023-26960 · WordPress · Video Conferencing With Zoom
Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...
Hardcoded credentials
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...