7574 matches found
Hardcoded credentials
Code Dx versions prior to 2023.4.2 are vulnerable to a user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
Hardcoded credentials
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
PT-2023-14639 · Unknown · Pws Personal Weather Station Dashboard
Name of the Vulnerable Software and Affected Versions: PWS Personal Weather Station Dashboard PWS Dashboard version 2012 lts Description: The issue allows remote code execution by injecting PHP code into settings.php. Attacks can use the "PWS printfile.php", "PWS frame text.php", "PWS...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
CVE-2022-45291
CVE-2022-45291 affects the PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS 2012_lts. The vulnerability enables remote code execution by injecting PHP into settings.php, with exploitation paths including PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_ea...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
PT-2023-9169 · Unknown · Schuhfried
Name of the Vulnerable Software and Affected Versions: SCHUHFRIED version 8.22.00 Description: The issue is related to the use of hardcoded credentials in the SCHUHFRIED system, which can be exploited by a remote attacker to obtain access to protected information using a specially crafted curl...
CVE-2023-24501
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...
CVE-2023-24501
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...
Hardcoded credentials
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...
PT-2023-19648 · Electra · Electra Central Ac Unit
Name of the Vulnerable Software and Affected Versions: Electra Central AC unit affected versions not specified Description: The issue concerns hardcoded credentials in unspecified code used by the Electra Central AC unit. There is no information provided about the estimated number of potentially...
CVE-2023-24501 Electra Central AC unit – Hardcoded Credentials
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...
CVE-2023-24501 Electra Central AC unit – Hardcoded Credentials
Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...
CVE-2023-24501
CVE-2023-24501 affects the Electra Central AC unit, where hardcoded credentials are present in unspecified code used by the unit. The security impact is high across confidentiality, integrity, and availability, with a network attack surface and no user interaction required. The available document...
CVE-2022-37255
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603...
Siemens Scalance W-7xx Series Hard-coded SSL Certificate (CVE-2013-4651)
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. Th...
Hardcoded credentials
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form which will trigger for any visitor to...
GitHub token with wide access to Nuxt related repositories leaked in the wild
Description If you visit https://nuxt.com, you will find a hardcoded GitHub token in the source code of the page - ghpYXegsf40mjoFZMPSdntLbrGIBRZYKf0i2FoK. This token has access to multiple repositories under the nuxt, nuxtlabs and nuxt-themes GitHub organisations. https://github.com/nuxt Admin...
Hardcoded credentials
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...