7573 matches found

ICS
added 2023/06/20 6:00 a.m. · 35 views

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

CVSS 9.8 · AI score 9.7 · EPSS 0.00668
Exploits 0 · References 10
Prion
added 2023/06/14 2:15 p.m. · 15 views

Hardcoded credentials

An issue discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...

CVSS 5 · AI score 7.5 · EPSS 0.00703
Exploits 1 · References 1 · Affected Software 1
Prion
added 2023/06/14 8:15 a.m. · 21 views

Hardcoded credentials

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

CVSS 5.8 · AI score 9.4 · EPSS 0.00932
Exploits 1 · References 3 · Affected Software 1
CNVD
added 2023/06/14 12:00 a.m. · 25 views

Siemens SICAM A8000 Devices CPCI85 Firmware Hardcoded Credentials Vulnerability

The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to log...

CVSS 6.8 · AI score 6.8 · EPSS 0.00364
Exploits 1 · References 1
Prion
added 2023/06/13 9:15 p.m. · 18 views

Hardcoded credentials

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...

CVSS 4.1 · AI score 8 · EPSS 0.00203
Exploits 0 · References 1 · Affected Software 2
Code423n4
added 2023/06/09 12:00 a.m. · 4 views

The utilization of a hardcoded time value is incorrect when deployed to blockchains other than Ethereum

Lines of code Vulnerability details Medium Title: The utilization of a hardcoded time value is incorrect when deployed to blockchains other than Ethereum Impact The hardcoded value of the MINAUCTIONDURATION constant in the Auction contract becomes problematic when deploying the contracts on faste...

AI score 6.8
Exploits 0
ATTACKERKB
added 2023/06/08 9:15 p.m. · 5 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

CVSS 5.4 · AI score 6 · EPSS 0.02937
Exploits 4 · References 3
NVD
added 2023/06/08 9:15 p.m. · 13 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

CVSS 5.4 · AI score 5.3 · EPSS 0.02937
Exploits 4 · References 2
OSV
added 2023/06/08 9:15 p.m. · 19 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

CVSS 5.4 · AI score 6.5
Exploits 0 · References 2
Prion
added 2023/06/08 9:15 p.m. · 19 views

Cross site scripting

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

CVSS 4.9 · AI score 5.4 · EPSS 0.02937
Exploits 4 · References 2 · Affected Software 1
CVE
added 2023/06/08 12:00 a.m. · 57 views

CVE-2023-32751

CVE-2023-32751 affects Pydio Cells 4.1.2 and earlier. The vulnerability arises from presigned URL signing using secrets hardcoded in the JavaScript of the web app, enabling failure to constrain access to file downloads. An attacker can upload an HTML file and modify the download URL to serve the ...

CVSS 5.4 · AI score 5.3 · EPSS 0.02937
Exploits 4 · References 2 · Affected Software 1
Vulnrichment
added 2023/06/08 12:00 a.m. · 9 views

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

AI score 6.5 · EPSS 0.02937
Exploits 4 · References 2
Positive Technologies
added 2023/06/08 12:00 a.m. · 3 views

PT-2023-24000 · Pydio · Pydio Cells

Name of the Vulnerable Software and Affected Versions: Pydio Cells versions 4.1.2 and earlier Description: The issue allows for cross-site scripting XSS due to the exposure of secrets used to sign presigned URLs for file downloads. These secrets are hardcoded and accessible through the web...

CVSS 5.4 · AI score 6.1 · EPSS 0.02937
Exploits 4 · References 6
Prion
added 2023/06/02 11:15 a.m. · 11 views

Hardcoded credentials

Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption...

CVSS 5.8 · AI score 6.9 · EPSS 0.0051
Exploits 0 · References 1
NVD
added 2023/06/01 6:15 a.m. · 7 views

CVE-2022-4333

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allow a remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...

CVSS 9.8 · AI score 9.5 · EPSS 0.00851
Exploits 1 · References 1
Prion
added 2023/06/01 6:15 a.m. · 18 views

Hardcoded credentials

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allow a remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...

CVSS 7.5 · AI score 9.3 · EPSS 0.00851
Exploits 1 · References 1
Vulnrichment
added 2023/06/01 5:36 a.m. · 4 views

CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allow a remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...

CVSS 9.8 · AI score 7 · EPSS 0.00851
Exploits 1 · References 1
CVE
added 2023/06/01 5:36 a.m. · 50 views

CVE-2022-4333

CVE-2022-4333 concerns Sprecher Automation SPRECON-E CPU variants with hardcoded credentials that enable a remote attacker to take over the device. Multiple connected sources (Red Hat advisory, Tenable OT plugin, CVE records, and vendor/PT/security databases) consistently describe a vulnerability...

CVSS 9.8 · AI score 9.5 · EPSS 0.00851
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/06/01 5:36 a.m. · 17 views

CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allow a remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...

CVSS 9.8 · AI score 9.6 · EPSS 0.00851
Exploits 1 · References 1
ATTACKERKB
added 2023/06/01 4:15 a.m. · 4 views

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVSS 9.8 · AI score 7.3 · EPSS 0.00599
Exploits 1 · References 2