Lucene search
7574 matches found

Prion
added 2022/09/26 2:15 p.m. · 39 views

Hardcoded credentials

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by querying a resolver for...

CVSS 5 · AI score 7.1 · EPSS 0.01259
Exploits 0 · References 6 · Affected Software 2

CVE
added 2022/09/26 10:7 a.m. · 73 views

CVE-2022-36159

The CVE-2022-36159 issue affects Contec FXA3200 firmware version 1.13 and earlier, where a hard-coded root password stored in /etc/shadow is weak and crackable. An attacker with adjacent access could use this credential to reach the Wireless LAN Manager interface, enable Telnet, sniff traffic, or...

CVSS 8.8 · AI score 8.8 · EPSS 0.00947
Exploits 1 · References 4 · Affected Software 1

Packet Storm
added 2022/09/26 12:0 a.m. · 261 views

Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022. Original source: https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Backdoor.Win32.Bingle.b. Vulnerability: Weak Hardcoded Credentials. Description: The malware...

AI score 7.4
Exploits 0

Packet Storm
added 2022/09/26 12:0 a.m. · 239 views

Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022. Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Backdoor.Win32.Psychward.b. Vulnerability: Weak Hardcoded Credentials. Description: The...

AI score 7.4
Exploits 0

CNNVD
added 2022/09/16 12:0 a.m. · 3 views

TOTOLINK T6 Trust Management Issue Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A trust management issue vulnerability exists in TOTOLINK T6 version V4.1.5cu.709B20210518, which stems from a hardcoded password for root in /etc/shadow.sample...

CVSS 9.8 · AI score 8.3 · EPSS 0.00916
Exploits 1 · References 2

OSV
added 2022/09/13 10:15 p.m. · 4 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

CVSS 9.8 · AI score 5.8 · EPSS 0.12476
Exploits 0 · References 3

ATTACKERKB
added 2022/09/13 10:15 p.m. · 2 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

CVSS 9.8 · AI score 7.3 · EPSS 0.12476
Exploits 0 · References 6

NVD
added 2022/09/13 10:15 p.m. · 17 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

CVSS 9.8 · EPSS 0.12476
Exploits 0 · References 3

Prion
added 2022/09/13 10:15 p.m. · 15 views

Hardcoded credentials

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

CVSS 7.5 · AI score 9.2 · EPSS 0.12476
Exploits 0 · References 3 · Affected Software 1

CVE
added 2022/09/13 10:0 p.m. · 79 views

CVE-2022-35413

WAPPLES Web Application Firewall

CVSS 9.8 · AI score 9.3 · EPSS 0.12476
In wild · Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2022/09/13 12:0 a.m. · 4 views

PT-2022-22814 · Wapples · Wapples

Name of the Vulnerable Software and Affected Versions: WAPPLES versions through 6.0 Description: A threat actor could use a hardcoded systemi account to access the system configuration and confidential information, such as SSL keys, via an HTTPS request to the "/webapi/" URI on port 443 or 5001...

CVSS 9.8 · AI score 9.1 · EPSS 0.12476
Exploits 0 · References 7

NVD
added 2022/09/08 4:15 p.m. · 11 views

CVE-2022-37857

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default...

CVSS 7.5 · EPSS 0.00385
Exploits 0 · References 2

ATTACKERKB
added 2022/09/08 4:15 p.m. · 4 views

CVE-2022-37857

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default...

CVSS 7.5 · AI score 5.8 · EPSS 0.00385
Exploits 0 · References 3

OSV
added 2022/09/08 4:15 p.m. · 13 views

CVE-2022-37857

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default...

CVSS 7.5 · AI score 6.8
Exploits 0 · References 2

Prion
added 2022/09/08 4:15 p.m. · 18 views

Hardcoded credentials

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default...

CVSS 5 · AI score 7.5 · EPSS 0.00385
Exploits 0 · References 2 · Affected Software 1

CVE
added 2022/09/08 3:17 p.m. · 57 views

CVE-2022-37857

CVE-2022-37857 affects bilde2910 Hauk v1.6.1, where a hardcoded default password (blank) is hashed but stored in server-side config.php and also in plaintext on the Android client by default. This creates a persistent credential exposure risk that could enable unauthorized access if the default i...

CVSS 7.5 · AI score 7.5 · EPSS 0.00385
Exploits 0 · References 2 · Affected Software 1

Prion
added 2022/09/08 8:15 a.m. · 12 views

Hardcoded credentials

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...

CVSS 7.5 · AI score 9.6 · EPSS 0.00913
Exploits 0 · References 2 · Affected Software 1

Code423n4
added 2022/09/08 12:0 a.m. · 7 views

Hardcoded USD pegs can be broken

Lines of code Vulnerability details Description The prices of USDC and USDT, which I assume are the underlying tokens of cUSDC and cUSDT, have been hardcoded to parity. Such practices are highly discouraged because while the likelihood of either stablecoin de-pegging is low, it is not zero. Becau...

AI score 7
Exploits 0

Code423n4
added 2022/09/08 12:0 a.m. · 17 views

HARDCODED PRICES FOR STABLECOINS

Lines of code Vulnerability details Impact Hardcoded prices of stablecoins may open some arbitrage opportunities and produce many bad loans in CLM. Proof of Concept Hardcoding price of cUSDT and cUSDC as 1 may open some arbitrage opportunities when real price for each token is a little bit...

AI score 6.8
Exploits 0

Code423n4
added 2022/09/08 12:0 a.m. · 13 views

USE SAME SYMBOL CAN GET FAKED PRICE OF TOKEN

Lines of code Vulnerability details Impact It compares the symbol to identify a token; this can be exploited to produce a fake price of a token. Proof of Concept An attacker can create a token which is like a cToken and has the symbol cNOTE. When somebody calls the comptroller’s liquidateCalculateSeizeTokens, it will give ...

AI score 6.8
Exploits 0