7581 matches found
PT-2022-6297 · Апекс-Вуз · Апекс-Вуз
Name of the Vulnerable Software and Affected Versions: Апекс-ВУЗ (affected versions not specified). Description: The issue is related to the use of hardcoded credentials in the Апекс-ВУЗ education automation system. Exploitation of this issue may allow a remote attacker to gain full access to the...
PT-2022-6464 · Mgt Commerce · Mgt-Commerce Cloudpanel
Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE CloudPanel version 2.2.0. Description: The issue is related to the use of a static SSL certificate with a hardcoded cryptographic key in MGT-COMMERCE CloudPanel, which is shared across every installation. This could allow a remote...
Hardcoded credentials
The response header has not enabled X-FRAME-OPTIONS, which helps prevent Clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks...
CVE-2022-38337
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used...
Hardcoded credentials
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used...
Mobatek MobaXterm Trust Management Vulnerability
Mobatek MobaXterm is a suite of terminal software from the French company Mobatek that integrates an enhanced terminal, an X server and a Unix command set (GNU/Cygwin). A security vulnerability exists in Mobatek MobaXterm versions prior to v22.1, which originates when aborting an SFTP connection,...
PT-2022-24375 · Mobaxterm · Mobaxterm
Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 22.1. Description: The issue occurs when aborting a SFTP connection, where a hardcoded password is sent to the server. This can be treated as an invalid login attempt by the server, potentially leading to a Denial o...
CVE-2022-38337
CVE-2022-38337 affects Mobatek MobaXterm prior to v22.1, where aborting a SFTP connection sends a hardcoded password to the server, which the server may treat as an invalid login and trigger a user DoS (e.g., via fail2ban). Root cause is hardcoded credentials during SFTP abort. Impact is Denial o...
PT-2022-5909 · Ami · Ami Megarac Baseboard Management Controller
Name of the Vulnerable Software and Affected Versions: AMI MegaRAC Baseboard Management Controller (BMC) (affected versions not specified). Description: The issue is related to the use of hardcoded credentials in the AMI MegaRAC Baseboard Management Controller (BMC) firmware. An attacker can exploit thi...
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access
How IBM Cloud caught us exploring its infrastructure and how a hardcoded secret eventually led to build artifact access and manipulation...
CVE-2022-44097
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel...
CVE-2022-44096
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel...
Hardcoded credentials
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel...
Hardcoded credentials
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allow attackers to escalate privileges and access the admin panel...