7574 matches found

Prion
added 2023/04/27 6:15 p.m. · 14 views

Hardcoded credentials

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVSS 7.5 · AI score 9.5 · EPSS 0.00621
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/04/25 7:15 p.m. · 28 views

CVE-2022-45291

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

CVSS 7.2 · AI score 7.6 · EPSS 0.01326
Exploits 1 · References 2
Prion
added 2023/04/25 7:15 p.m. · 15 views

Hardcoded credentials

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

CVSS 5.8 · AI score 7.6 · EPSS 0.01326
Exploits 1 · References 2
Positive Technologies
added 2023/04/25 12:00 a.m. · 5 views

PT-2023-14639 · Unknown · Pws Personal Weather Station Dashboard

Name of the Vulnerable Software and Affected Versions: PWS Personal Weather Station Dashboard PWS Dashboard version 2012 lts Description: The issue allows remote code execution by injecting PHP code into settings.php. Attacks can use the "PWS printfile.php", "PWS frame text.php", "PWS...

CVSS 7.2 · AI score 8.3 · EPSS 0.01326
Exploits 1 · References 5
Cvelist
added 2023/04/25 12:00 a.m. · 34 views

CVE-2022-45291

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

AI score 7.8 · EPSS 0.01326
Exploits 1 · References 2
CVE
added 2023/04/25 12:00 a.m. · 46 views

CVE-2022-45291

CVE-2022-45291 affects the PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS 2012_lts. The vulnerability enables remote code execution by injecting PHP into settings.php, with exploitation paths including PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_ea...

CVSS 7.2 · AI score 7.5 · EPSS 0.01326
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2023/04/25 12:00 a.m. · 8 views

CVE-2022-45291

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

AI score 8.3 · EPSS 0.01326
Exploits 1 · References 2
Positive Technologies
added 2023/04/18 12:00 a.m. · 6 views

PT-2023-9169 · Unknown · Schuhfried

Name of the Vulnerable Software and Affected Versions: SCHUHFRIED version 8.22.00 Description: The issue is related to the use of hardcoded credentials in the SCHUHFRIED system, which can be exploited by a remote attacker to obtain access to protected information using a specially crafted curl...

CVSS 9.8 · AI score 9.1 · EPSS 0.00805
Exploits 1 · References 8
OSV
added 2023/04/17 10:15 p.m. · 3 views

CVE-2023-24501

Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...

CVSS 9.8 · AI score 5.8 · EPSS 0.00621
Exploits 0 · References 1
NVD
added 2023/04/17 10:15 p.m. · 12 views

CVE-2023-24501

Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...

CVSS 9.8 · AI score 9.6 · EPSS 0.00621
Exploits 0 · References 1
Prion
added 2023/04/17 10:15 p.m. · 15 views

Hardcoded credentials

Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...

CVSS 7.5 · AI score 9.4 · EPSS 0.00621
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/04/17 12:00 a.m. · 5 views

PT-2023-19648 · Electra · Electra Central Ac Unit

Name of the Vulnerable Software and Affected Versions: Electra Central AC unit affected versions not specified Description: The issue concerns hardcoded credentials in unspecified code used by the Electra Central AC unit. There is no information provided about the estimated number of potentially...

CVSS 9.8 · AI score 9.4 · EPSS 0.00621
Exploits 0 · References 4
Vulnrichment
added 2023/04/17 12:00 a.m. · 5 views

CVE-2023-24501 Electra Central AC unit – Hardcoded Credentials

Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...

CVSS 9.8 · AI score 9.6 · EPSS 0.00621
Exploits 0 · References 1
Cvelist
added 2023/04/17 12:00 a.m. · 23 views

CVE-2023-24501 Electra Central AC unit – Hardcoded Credentials

Electra Central AC unit – Hardcoded Credentials in unspecified code used by the unit...

CVSS 9.8 · AI score 9.7 · EPSS 0.00621
Exploits 0 · References 1
CVE
added 2023/04/17 12:00 a.m. · 36 views

CVE-2023-24501

CVE-2023-24501 affects the Electra Central AC unit, where hardcoded credentials are present in unspecified code used by the unit. The security impact is high across confidentiality, integrity, and availability, with a network attack surface and no user interaction required. The available document...

CVSS 9.8 · AI score 9.6 · EPSS 0.00621
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/04/16 2:15 a.m. · 31 views

CVE-2022-37255

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603...

CVSS 7.5 · AI score 7.6 · EPSS 0.04944
Exploits 4 · References 2
Tenable Nessus
added 2023/04/11 12:00 a.m. · 26 views

Siemens Scalance W-7xx Series Hard-coded SSL Certificate (CVE-2013-4651)

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. Th...

CVSS 6.6 · AI score 5.5 · EPSS 0.00951
Exploits 1 · References 2
Prion
added 2023/04/10 2:15 p.m. · 21 views

Hardcoded credentials

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to...

CVSS 4.9 · AI score 5.5 · EPSS 0.00478
Exploits 2 · References 1 · Affected Software 1
Huntr
added 2023/04/10 1:11 p.m. · 30 views

Github token with wide access to Nuxt related repositories leaked in the wild

Description If you visit https://nuxt.com, you will find hardcoded Github token in the source code of the page - ghpYXegsf40mjoFZMPSdntLbrGIBRZYKf0i2FoK. This token has access to multiple repositories under nuxt , nuxtlabs and nuxt-themes Github organisations. https://github.com/nuxt Admin...

CVSS 7.5 · AI score 9.2 · EPSS 0.0074
Exploits 0
Prion
added 2023/04/10 5:15 a.m. · 16 views

Hardcoded credentials

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

CVSS 5.8 · AI score 6.2 · EPSS 0.00463
Exploits 1 · References 1