7573 matches found
Advantech R-SeeNet
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...
Hardcoded credentials
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
Hardcoded credentials
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
Siemens SICAM A8000 Devices CPCI85 Firmware Hardcoded Credentials Vulnerability
The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to log...
Hardcoded credentials
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie...
The utilization of a hardcoded time value is incorrect when deployed to blockchains other than Ethereum
Lines of code Vulnerability details Medium Title: The utilization of a hardcoded time value is incorrect when deployed to blockchains other than Ethereum Impact The hardcoded value of the MINAUCTIONDURATION constant in the Auction contract becomes problematic when deploying the contracts on faste...
CVE-2023-32751
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...
CVE-2023-32751
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...
CVE-2023-32751
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...
Cross site scripting
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...
CVE-2023-32751
CVE-2023-32751 affects Pydio Cells 4.1.2 and earlier. The vulnerability arises from presigned URL signing using secrets hardcoded in the JavaScript of the web app, enabling failure to constrain access to file downloads. An attacker can upload an HTML file and modify the download URL to serve the ...
CVE-2023-32751
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...
PT-2023-24000 · Pydio · Pydio Cells
Name of the Vulnerable Software and Affected Versions: Pydio Cells versions 4.1.2 and earlier Description: The issue allows for cross-site scripting XSS due to the exposure of secrets used to sign presigned URLs for file downloads. These secrets are hardcoded and accessible through the web...
Hardcoded credentials
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption...
CVE-2022-4333
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
Hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2022-4333
CVE-2022-4333 concerns Sprecher Automation SPRECON-E CPU variants with hardcoded credentials that enable a remote attacker to take over the device. Multiple connected sources (Red Hat advisory, Tenable OT plugin, CVE records, and vendor/PT/security databases) consistently describe a vulnerability...
CVE-2022-4333 Sprecher: Sprecon maintenance access with hardcoded credentials
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines...
CVE-2023-33778
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...