7574 matches found
PT-2022-24114 · Unknown · Bilde2910 Hauk
Name of the Vulnerable Software and Affected Versions: bilde2910 Hauk version 1.6.1 Description: The issue concerns a hardcoded password in bilde2910 Hauk, which is blank by default. This password is hashed and stored in the config.php file on the server, as well as in clear-text on the Android...
Hauk 信任管理问题漏洞
Hauk is a fully open source, self-hosted location sharing service from the individual developer Marius Lindvall. A security vulnerability exists in Hauk v1.6.1, which stems from hardcoded passwords stored in plaintext in the config.php file on the server side and on the android client device...
Hardcoded cUSDT and cUSDC prices are dangerous to the system when those stablecoins depeg
Lines of code Vulnerability details Proof of Concept function getUnderlyingPriceCToken ctoken external override view returnsuint address underlying; //manual scope to pop symbol off of stack string memory symbol = ctoken.symbol; if compareStringssymbol, "cCANTO" underlying = addresswcanto; return...
Hardcoded prices are subject to be abused
Lines of code Vulnerability details Impact Hardcoded prices are subject to be abused which might address the protocol being drained. Proof of Concept There are 2 possible different issues of the Lending Protocol; 1. The attack surface/risk is not originated directly through the Canto protocol but...
Backdoor.Win32.Winshell.5_0 MVID-2022-0633 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/5bc5f72d19019a2fa3b75896e82ae1e5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Winshell.50 Vulnerability: Weak Hardcoded Credentials Description: The...
CVE-2022-40111
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...
CVE-2022-40111
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...
CVE-2022-40111
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...
Hardcoded credentials
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...
Hardcoded credentials
In TOTOLINK A860R V4.1.2cu.5182B20201027 there is a hard coded password for root in /etc/shadow.sample...
CVE-2022-40111
CVE-2022-40111 affects the TOTOLINK A3002R firmware (TOTOLINK-A3002R-He-V1.1.1-B20200824.0128). The issue is that, in the shadow.sample file, the root user is hardcoded in the firmware, enabling severe unauthorized access potential. The vendor-focused PT-2022-25214 report corroborates the shadow....
CVE-2022-40111
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...
CVE-2022-37841
CVE-2022-37841 affects TOTOLINK A860R (v4.1.2cu.5182_B20201027). The issue is a hard-coded root password stored in /etc/shadow.sample, enabling potential unauthorized root access. Connected sources confirm the model and file, with Red Hat and other feeds reiterating the same root password disclos...
TOTOLINK A3002R 信任管理问题漏洞
The TOTOLINK A3002R is a wireless dual-band Gigabit router from China's TOTOLINK Corporation that complies with the latest IEEE802.11ac Wave 2 standard. A security vulnerability exists in the TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 version, which originates from root being...
Aura - Python Source Code Auditing And Static Analysis On A Large Scale
Source code auditing and static code analysis Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on...
CVE-2022-30318
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...
CVE-2022-30318
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...
Le-yan Personnel and Salary Management System 信任管理问题漏洞
Le-yan Personnel and Salary Management System is a personnel and salary management system from Le-yan, a Chinese company. A security vulnerability exists in the Le-yan Personnel and Salary Management System, which originates from having hard-coded database accounts and passwords in the site sourc...
Hardcoded credentials
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...
Hardcoded credentials
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg...