7576 matches found
CVE-2022-26119
Affected software: Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability: Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...
PT-2022-5475 · Cisco · Cisco Email Security Appliance +2
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified; Cisco Secure Email and Web Manager affected versions not specified; Cisco Secure Web Appliance affected versions not specified. Description: The issue is related to the use of a...
FortiSIEM - Glassfish local credentials stored in plain text
An improper authentication vulnerability (CWE-287) in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
PT-2022-5759 · Fortinet · Fortisiem
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSIEM versions prior to 6.5.0. Description: The issue is related to improper authentication in Fortinet FortiSIEM, allowing a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded...
GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin
Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...
Hardcoded credentials
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js...
operator role it's handled in a way that can damage the protocol
Lines of code Vulnerability details operator role it's handled in a way that can damage the protocol Impact Same logic is being deployed several times, for maintainability is hardly recommended to not copy paste same logic many times but inherit it. Also there is an issue in BorrowController with...
Hardcoded credentials
A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability...
Hardcoded credentials
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...
Hardcoded credentials
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2022-3203
On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...
Hardcoded credentials
On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...
CVE-2022-3203 ORing net IAP-420(+) Hidden Functionality
On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...
CVE-2022-3203
The CVE-2022-3203 issue affects ORing Net IAP-420(+) with firmware 2.0m. The root cause is a telnet server that is enabled by default and cannot be permanently disabled, permitting access via LAN/WiFi with hardcoded credentials that reset to defaults on every reboot. This yields an administrative...
Upgraded Q -> M from 336 [1666364078201]
Judge has assessed an item in Issue 336 as Medium risk. The relevant finding follows: Using transfer For Sending Ether Permalinks Description The transfer and send functions forward a fixed amount of 2300 gas. Historically, it has often been recommended to use these functions for value transfers ...
PT-2022-21056 · Oring · Oring Net Iap-420
Name of the Vulnerable Software and Affected Versions: ORing net IAP-420+ version 2.0m. Description: The issue allows unauthorized access to the device via telnet, using hardcoded credentials, which provides an administrative shell. These credentials reset to defaults with every reboot, allowing...
Hardcoded credentials
The web app client of TP-Link AX10v1 V1211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attac...
PT-2022-26691 · Goadmin · Go-Admin
Name of the Vulnerable Software and Affected Versions: go-admin (aka GO Admin) version 2.0.12. Description: The issue concerns the use of a hardcoded string 'go-admin' as a production JWT key in go-admin. Recommendations: For go-admin version 2.0.12, update the JWT key to a secure, randomly generate...
Backdoor.Win32.Redkod.d MVID-2022-0649 Hardcoded Credential
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022. Original source: https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.Redkod.d Vulnerability: Weak Hardcoded Credentials Description: The malware...