
7576 matches found

Positive Technologies
added 2023/07/12 12:0 a.m. · 4 views

PT-2023-5755 · Sonicwall +1 · Sonicwall Gms +2

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to hardcoded Tomcat application credentials in the SonicWall GMS and Analytics configuration file. This could...

CVSS 9.8 · AI score 9.1 · EPSS 0.00591
Exploits 0 · References 7

Prion
added 2023/07/11 7:15 p.m. · 23 views

Hardcoded credentials

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This...

CVSS 5.8 · AI score 6.6 · EPSS 0.00535
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/07/10 2:15 a.m. · 18 views

Hardcoded credentials

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

CVSS 6.4 · AI score 9.3 · EPSS 0.00716
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/07/05 8:15 p.m. · 20 views

Hardcoded credentials

The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges...

CVSS 4.3 · AI score 7.7 · EPSS 0.00271
Exploits 1 · References 2 · Affected Software 1

Prion
added 2023/07/05 7:15 p.m. · 15 views

Hardcoded credentials

AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...

CVSS 6.5 · AI score 8.4 · EPSS 0.00399
Exploits 0 · References 1 · Affected Software 1

Prion
added 2023/07/05 7:15 p.m. · 11 views

Hardcoded credentials

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...

CVSS 7.5 · AI score 9.2 · EPSS 0.00249
Exploits 0 · References 1 · Affected Software 1

Code423n4
added 2023/07/05 12:0 a.m. · 11 views

Potential Loss of Funds Due to Zero Slippage Hardcoding in TalosBaseStrategy#deposit

Lines of code Vulnerability details Impact In the deposit function within the TalosBaseStrategy contract, both slippage for two tokens amount0Min and amount1Min are hardcoded to zero. This can have severe implications as users may unintentionally accept a minimum of zero output tokens from a swap...

AI score 6.8
Exploits 0

Code423n4
added 2023/07/05 12:0 a.m. · 11 views

Not using slippage parameter when interacting with AMMs

Lines of code Vulnerability details Impact The slippage parameters are hardcoded to 0, meaning the minimum amount can be 0. The absence of slippage protection causes transactions to be vulnerable to front running. This can result in users potentially losing their funds. Proof of Concept...

AI score 6.8
Exploits 0

Code423n4
added 2023/07/03 12:0 a.m. · 14 views

Voting period hardcoded to 3 blocks

Lines of code Vulnerability details Impact Here in the Governance contract, the voting period is locked to 3 blocks. function votingPeriod public pure override returns uint256 return 3; function votingDelay public pure override returns uint256 return 1; This is a direct bug because if we take a...

AI score 6.8
Exploits 0

Code423n4
added 2023/07/03 12:0 a.m. · 8 views

maxSupply in esLBR.sol is wrong

Lines of code Vulnerability details Impact Proof of Concept As mentioned in the docs in line 6 in esLBR.sol contract , the maximum supply will be 55 million . - The maximum amount that can be minted through the esLBRMinter contract is 55 million. But the maximum supply is hardcoded 100 million in...

AI score 6.9
Exploits 0

Code423n4
added 2023/07/03 12:0 a.m. · 14 views

[M] Hardcoded address will not remain consistent across other chains

Lines of code Vulnerability details Impact The hardcoded address for the LBR token will not remain consistent across other chains, such as Polygon, Avalanche, Arbitrum and BSC for example. IEUSD0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2.balanceOfethlbrLpToken Proof of Concept Hardcoding the addre...

AI score 6.8
Exploits 0

Prion
added 2023/06/30 7:15 a.m. · 14 views

Hardcoded credentials

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service...

CVSS 1.7 · AI score 4.9 · EPSS 0.00163
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/06/29 5:15 p.m. · 92 views

Hardcoded credentials

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

CVSS 5 · AI score 4.9 · EPSS 0.00413
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2023/06/29 12:0 a.m. · 20 views

Schneider Electric Modicon Use of Hard-coded Credentials (CVE-2019-6859)

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...

CVSS 7.5 · AI score 7.3 · EPSS 0.0115
Exploits 0 · References 2

Tenable Nessus
added 2023/06/29 12:0 a.m. · 17 views

Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6852)

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

CVSS 7.5 · AI score 7.4 · EPSS 0.01379
Exploits 0 · References 3

Tenable Nessus
added 2023/06/29 12:0 a.m. · 19 views

Schneider Electric BMX Use of Hard-coded Credentials (CVE-2019-6812)

A CWE-798 use of hardcoded credentials vulnerability exists in BMX- NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 7.2 · AI score 7.1 · EPSS 0.01165
Exploits 0 · References 3

0day.today
added 2023/06/28 12:0 a.m. · 331 views

WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability

Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...

CVSS 9.8 · AI score 9.6 · EPSS 0.46947
Exploits 4

OSV
added 2023/06/27 2:15 a.m. · 9 views

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

CVSS 7.5 · AI score 5.8 · EPSS 0.00544
Exploits 0 · References 6

NVD
added 2023/06/27 2:15 a.m. · 26 views

CVE-2023-3371

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view...

CVSS 7.5 · AI score 6 · EPSS 0.00544
Exploits 0 · References 6

Prion
added 2023/06/27 2:15 a.m. · 15 views

Hardcoded credentials

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

CVSS 5 · AI score 7.5 · EPSS 0.00544
Exploits 0 · References 6 · Affected Software 1