7573 matches found

Prion
added 2023/07/19 4:15 p.m. · 16 views

Hardcoded credentials

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credential IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details:...

CVSS 4 · AI score 6.3 · EPSS 0.00625
Exploits 0 · References 3 · Affected Software 1
Prion
added 2023/07/15 7:15 p.m. · 20 views

Hardcoded credentials

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

CVSS 4.9 · AI score 4.8 · EPSS 0.00458
Exploits 1 · References 2 · Affected Software 1
Prion
added 2023/07/13 10:15 a.m. · 24 views

Hardcoded credentials

Currently, the geomap configuration (Administration - General - Geographical maps) allows using HTML in the “Attribution text” field when the “Other” tile provider is selected...

CVSS 4.9 · AI score 5.4 · EPSS 0.62046
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/07/13 3:15 a.m. · 7 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

CVSS 9.9 · AI score 8 · EPSS 0.01454
Exploits 2 · References 5
Prion
added 2023/07/13 3:15 a.m. · 34 views

Hardcoded credentials

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

CVSS 6.5 · AI score 9.4 · EPSS 0.01454
Exploits 2 · References 5 · Affected Software 1
OSV
added 2023/07/13 2:15 a.m. · 6 views

CVE-2023-34130

SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 2
Prion
added 2023/07/13 2:15 a.m. · 22 views

Hardcoded credentials

SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 7.5 · AI score 9.3 · EPSS 0.0026
Exploits 0 · References 2 · Affected Software 2
NVD
added 2023/07/13 1:15 a.m. · 15 views

CVE-2023-34128

Tomcat application credentials are hardcoded in the SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8 · EPSS 0.00591
Exploits 0 · References 2
OSV
added 2023/07/13 1:15 a.m. · 5 views

CVE-2023-34128

Tomcat application credentials are hardcoded in the SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8 · AI score 5.8 · EPSS 0.00591
Exploits 0 · References 2
Prion
added 2023/07/13 1:15 a.m. · 21 views

Hardcoded credentials

Tomcat application credentials are hardcoded in the SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 7.5 · AI score 9.4 · EPSS 0.00591
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2023/07/13 1:6 a.m. · 21 views

CVE-2023-34130

SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

AI score 9.6 · EPSS 0.0026
Exploits 0 · References 2
CVE
added 2023/07/13 1:6 a.m. · 177 views

CVE-2023-34130

CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...

CVSS 9.8 · AI score 9.3 · EPSS 0.0026
In wild · Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2023/07/13 1:6 a.m. · 16 views

CVE-2023-34130

SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

AI score 6.7 · EPSS 0.0026
Exploits 0 · References 2
Vulnrichment
added 2023/07/13 12:58 a.m. · 11 views

CVE-2023-34128

Tomcat application credentials are hardcoded in the SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

AI score 7.2 · EPSS 0.00591
Exploits 0 · References 2
CVE
added 2023/07/13 12:58 a.m. · 162 views

CVE-2023-34128

The CVE maps to SonicWall GMS and Analytics where Tomcat credentials are hardcoded in the GMS/Analytics configuration file. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analytics 2.5.0.4-R7 and earlier. Root cause: hardcoded Tomcat credentials in the configuration file, which ca...

CVSS 9.8 · AI score 9.4 · EPSS 0.00591
In wild · Exploits 0 · References 2 · Affected Software 2
CNNVD
added 2023/07/13 12:0 a.m. · 4 views

SonicWALL Analytics and GMS Security Vulnerability

SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web. SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...

CVSS 9.8 · AI score 8.3 · EPSS 0.00591
Exploits 0 · References 3
Positive Technologies
added 2023/07/13 12:0 a.m. · 11 views

PT-2023-24339 · WordPress · User Registration

Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.0.2 Description: The issue arises from a hardcoded encryption key and missing file type validation on the ur upload profile pic function. This allows authenticated...

CVSS 9.9 · AI score 9.6 · EPSS 0.01454
Exploits 2 · References 10
Positive Technologies
added 2023/07/12 12:0 a.m. · 3 views

PT-2023-5755 · Sonicwall +1 · Sonicwall Gms +2

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to hardcoded Tomcat application credentials in the SonicWall GMS and Analytics configuration file. This could...

CVSS 9.8 · AI score 9.1 · EPSS 0.00591
Exploits 0 · References 7
Prion
added 2023/07/11 7:15 p.m. · 23 views

Hardcoded credentials

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two-factor authentication before is vulnerable to this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

CVSS 5.8 · AI score 6.6 · EPSS 0.00535
Exploits 0 · References 3 · Affected Software 1
Prion
added 2023/07/10 2:15 a.m. · 18 views

Hardcoded credentials

SmartBPM.NET has a vulnerability of using a hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access the system with regular user privilege to read application data, and execute submission and approval processes...

CVSS 6.4 · AI score 9.3 · EPSS 0.00716
Exploits 0 · References 1 · Affected Software 1