7576 matches found

CVE
added 2022/11/02 12:0 a.m. | 66 views

CVE-2022-26119

Affected software : Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability : Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...

CVSS 7.8 | AI score 7.5 | EPSS 0.00195
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2022/11/02 12:0 a.m. | 4 views

PT-2022-5475 · Cisco · Cisco Email Security Appliance +2

Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified Cisco Secure Email and Web Manager affected versions not specified Cisco Secure Web Appliance affected versions not specified Description: The issue is related to the use of a...

CVSS 9 | AI score 8.4 | EPSS 0.00696
Exploits: 0 | References: 9
Fortinet
added 2022/11/01 12:0 a.m. | 54 views

FortiSIEM - Glassfish local credentials stored in plain text

An improper authentication vulnerability CWE-287 in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

CVSS 4.3 | AI score 7.1 | EPSS 0.00195
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2022/11/01 12:0 a.m. | 4 views

PT-2022-5759 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSIEM versions prior to 6.5.0 Description: The issue is related to improper authentication in Fortinet FortiSIEM, allowing a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded...

CVSS 7.8 | AI score 7.6 | EPSS 0.00195
Exploits: 0 | References: 4
OSV
added 2022/10/31 5:9 p.m. | 62 views

GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin

Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...

CVSS 7.5 | AI score 6.1 | EPSS 0.0067
Exploits: 0 | References: 3
Prion
added 2022/10/31 12:15 p.m. | 18 views

Hardcoded credentials

A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js...

CVSS 5 | AI score 7.9 | EPSS 0.01092
Exploits: 0 | References: 3 | Affected Software: 1
Code423n4
added 2022/10/30 12:0 a.m. | 5 views

operator role it's handled in a way that can damage the protocol

Lines of code Vulnerability details operator role it's handled in a way that can damage the protocol Impact Same logic is being deployed several times, for maintainability is hardly recommended to not copy paste same logic many times but inherit it. Also there is an issue in BorrowController with...

AI score 6.9
Exploits: 0
Prion
added 2022/10/25 5:15 p.m. | 12 views

Hardcoded credentials

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability...

CVSS 7.5 | AI score 9.7 | EPSS 0.01117
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2022/10/24 2:15 p.m. | 12 views

Hardcoded credentials

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...

CVSS 4 | AI score 7.4 | EPSS 0.09946
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2022/10/24 2:15 p.m. | 21 views

Hardcoded credentials

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...

CVSS 3.6 | AI score 6 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2022/10/21 1:15 p.m. | 3 views

CVE-2022-3203

On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...

CVSS 9.8 | AI score 5.8 | EPSS 0.00851
Exploits: 1 | References: 1
NVD
added 2022/10/21 1:15 p.m. | 17 views

CVE-2022-3203

On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...

CVSS 9.8 | EPSS 0.00851
Exploits: 1 | References: 1
Prion
added 2022/10/21 1:15 p.m. | 16 views

Hardcoded credentials

On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...

CVSS 7.5 | AI score 9.4 | EPSS 0.00851
Exploits: 1 | References: 1 | Affected Software: 2
Vulnrichment
added 2022/10/21 12:30 p.m. | 5 views

CVE-2022-3203 ORing net IAP-420(+) Hidden Functionality

On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...

CVSS 9.8 | AI score 9.6 | EPSS 0.00851
Exploits: 1 | References: 1
CVE
added 2022/10/21 12:30 p.m. | 59 views

CVE-2022-3203

The CVE-2022-3203 issue affects ORing Net IAP-420(+) with firmware 2.0m. The root cause is a telnet server that is enabled by default and cannot be permanently disabled, permitting access via LAN/WiFi with hardcoded credentials that reset to defaults on every reboot. This yields an administrative...

CVSS 9.8 | AI score 9.6 | EPSS 0.00851
Exploits: 1 | References: 1 | Affected Software: 1
Code423n4
added 2022/10/21 12:0 a.m. | 8 views

Upgraded Q -> M from 336 [1666364078201]

Judge has assessed an item in Issue 336 as Medium risk. The relevant finding follows: Using transfer For Sending Ether Permalinks Description The transfer and send functions forward a fixed amount of 2300 gas. Historically, it has often been recommended to use these functions for value transfers ...

AI score 6.9
Exploits: 0
Positive Technologies
added 2022/10/21 12:0 a.m. | 8 views

PT-2022-21056 · Oring · Oring Net Iap-420

Name of the Vulnerable Software and Affected Versions: ORing net IAP-420+ version 2.0m Description: The issue allows unauthorized access to the device via telnet, using hardcoded credentials, which provides an administrative shell. These credentials reset to defaults with every reboot, allowing...

CVSS 9.8 | AI score 9.3 | EPSS 0.00851
Exploits: 1 | References: 2
Prion
added 2022/10/18 3:15 p.m. | 17 views

Hardcoded credentials

The web app client of TP-Link AX10v1 V1211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attac...

CVSS 2.6 | AI score 5.6 | EPSS 0.01084
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2022/10/17 12:0 a.m. | 4 views

PT-2022-26691 · Goadmin · Go-Admin

Name of the Vulnerable Software and Affected Versions: go-admin aka GO Admin version 2.0.12 Description: The issue concerns the use of a hardcoded string 'go-admin' as a production JWT key in go-admin. Recommendations: For go-admin version 2.0.12, update the JWT key to a secure, randomly generate...

CVSS 9.8 | AI score 9.2 | EPSS 0.00764
Exploits: 1 | References: 4
Packet Storm
added 2022/10/17 12:0 a.m. | 215 views

Backdoor.Win32.Redkod.d MVID-2022-0649 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Redkod.d Vulnerability: Weak Hardcoded Credentials Description: The malware...

AI score 7.4
Exploits: 0