7576 matches found
Hardcoded credentials
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interactio...
PT-2022-5444 · Microsoft · Windows Portable Device Enumerator Service +1
Name of the Vulnerable Software and Affected Versions: Windows Portable Device Enumerator Service affected versions not specified Description: The issue is related to the use of a hardcoded cryptographic key in the Windows Portable Device Enumerator Service. This could allow an attacker to bypass...
PT-2022-5021 · Dell · Dell Enterprise Sonic Os
Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.0.0 through 4.0.1 Description: The issue is related to a cryptographic key vulnerability in SSH, where an unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorize...
Amount of ERC1155 tokens transferred is always 1.
Lines of code Vulnerability details Impact When a user signs an order to buy multiple ERC1155 tokens the amount of tokens transferred is hardcoded to be 1. This means although they expected to get n number of tokens for the total price of X they only get 1 and pay the total amount of X ETH. Proof...
Hardcoded credentials
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...
CVE-2022-39273 Default OAuth Authorization Server secret in FlyteAdmin
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...
PT-2022-24861 · Unknown · Flyteadmin
Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.44 Description: The default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable authentication without changing the default clientid hashes will be exposed...
Backdoor.Win32.NTRC MVID-2022-0646 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NTRC Vulnerability: Weak Hardcoded Credentials Family: NTRC Type: PE32 MD5:...
CVE-2020-15331
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTHSECRETKEY in /opt/axess/etc/default/axess...
CVE-2020-15340
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...
CVE-2020-15330
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APPKEY in /opt/axess/etc/default/axess...
CVE-2020-15340
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...
CVE-2020-15330
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APPKEY in /opt/axess/etc/default/axess...
CVE-2020-15325
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication...
CVE-2020-15326
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem...
CVE-2020-15326
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTHSECRETKEY in /opt/axess/etc/default/axess...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APPKEY in /opt/axess/etc/default/axess...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/defaultaxess/axess/TR69/Handlers/turbolink/sshkeys/idrsa SSH key...