
7576 matches found

Huntr
added 2023/04/10 1:11 p.m. · 30 views

Github token with wide access to Nuxt related repositories leaked in the wild

Description If you visit https://nuxt.com, you will find hardcoded Github token in the source code of the page - ghpYXegsf40mjoFZMPSdntLbrGIBRZYKf0i2FoK. This token has access to multiple repositories under nuxt , nuxtlabs and nuxt-themes Github organisations. https://github.com/nuxt Admin...

CVSS 7.5 · AI score 9.2 · EPSS 0.0074
Exploits 0
Prion
added 2023/04/10 5:15 a.m. · 16 views

Hardcoded credentials

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

CVSS 5.8 · AI score 6.2 · EPSS 0.00463
Exploits 1 · References 1
Exploit DB
added 2023/04/06 12:00 a.m. · 241 views

Osprey Pump Controller 1.0.1 - Administrator Backdoor Access

Exploit Title: Osprey Pump Controller 1.0.1 - Administrator Backdoor Access Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...

AI score 7.4
Exploits 0
Japan Vulnerability Notes
added 2023/03/31 12:00 a.m. · 49 views

JVN#40604023: Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Version| Vector| Score ---|---|--- CVSS v3|...

CVSS 9.8 · AI score 8.7 · EPSS 0.95707
Exploits 7
Code423n4
added 2023/03/30 12:00 a.m. · 6 views

Hardcoded slippage can lead to user's transactions being front run

Lines of code Vulnerability details Impact Since all the main functions that the user executes implement slippage, attackers can front-run any user transaction, because the slippage amount is set to 1% on all the lines of code listed above. This can lead to sandwich attacks. Proo...

AI score 7.1
Exploits 0
Code423n4
added 2023/03/30 12:00 a.m. · 15 views

Hardcoded poolFee in deposit() Function Cause Liquidity Depth Issue for Swap

Lines of code Vulnerability details Impact In the deposit function we are using the hardcoded value of poolFee as 500, which limits the ability of liquidity providers to select the appropriate fee tier, potentially reducing the returns for liquidity providers. IWETH(WETH_ADDRESS).deposit{value: msg.value}...

AI score 6.9
Exploits 0
OSV
added 2023/03/28 9:15 p.m. · 2 views

CVE-2023-28654

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

CVSS 9.8 · AI score 7.3 · EPSS 0.00771
Exploits 1 · References 1
NVD
added 2023/03/28 9:15 p.m. · 17 views

CVE-2023-28654

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

CVSS 9.8 · AI score 9.6 · EPSS 0.00771
Exploits 1 · References 1
Prion
added 2023/03/28 9:15 p.m. · 13 views

Hardcoded credentials

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...

CVSS 7.5 · AI score 9.1 · EPSS 0.01268
Exploits 0 · References 5 · Affected Software 1
Prion
added 2023/03/28 9:15 p.m. · 24 views

Hardcoded credentials

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

CVSS 7.5 · AI score 9.5 · EPSS 0.00771
Exploits 1 · References 1 · Affected Software 1
CVE
added 2023/03/28 8:03 p.m. · 67 views

CVE-2023-28654

CVE-2023-28654 affects the Osprey Pump Controller, version 1.01. A hidden administrative account with a hardcoded password exists, not visible in the usernames/passwords list, and cannot be changed through normal operation. The backdoor is in Mirage_ValidateSessionCode.x, allowing full access to ...

CVSS 9.8 · AI score 9.6 · EPSS 0.00771
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/03/28 8:03 p.m. · 10 views

CVE-2023-28654

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

CVSS 9.8 · AI score 7 · EPSS 0.00771
Exploits 1 · References 1
Cvelist
added 2023/03/28 8:03 p.m. · 19 views

CVE-2023-28654

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through...

CVSS 9.8 · AI score 9.8 · EPSS 0.00771
Exploits 1 · References 1
Prion
added 2023/03/28 1:15 p.m. · 15 views

Hardcoded credentials

A vulnerability exists in an SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests; the SDM600 web services become busy, rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...

CVSS 6.4 · AI score 9 · EPSS 0.01442
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/03/28 12:00 a.m. · 7 views

PT-2023-7104 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to the use of hardcoded credentials in the Osprey Pump Controller software. This allows a remote attacker to gain full access to the web management interface configuration...

CVSS 10 · AI score 9.4 · EPSS 0.00771
Exploits 1 · References 5
NVD
added 2023/03/27 9:15 p.m. · 25 views

CVE-2023-1076

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will often be correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that...

CVSS 5.5 · AI score 6.4 · EPSS 0.00257
Exploits 0 · References 3
Prion
added 2023/03/27 9:15 p.m. · 35 views

Type confusion

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will often be correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that...

CVSS 1.7 · AI score 6.1 · EPSS 0.00257
Exploits 0 · References 3
Debian CVE
added 2023/03/27 12:00 a.m. · 35 views

CVE-2023-1076

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will often be correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that...

CVSS 5.5 · AI score 6.3 · EPSS 0.00257
Exploits 0
Prion
added 2023/03/23 6:15 a.m. · 17 views

Hardcoded credentials

Hard-coded credentials in the Web-UI of multiple VARTA Storage products in multiple versions allow an unauthorized attacker to gain administrative access to the Web-UI via the network...

CVSS 7.5 · AI score 9.4 · EPSS 0.00675
Exploits 0 · References 1 · Affected Software 8
Prion
added 2023/03/20 4:15 p.m. · 18 views

Hardcoded credentials

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

CVSS 4.9 · AI score 5.5 · EPSS 0.00399
Exploits 0 · References 1 · Affected Software 1