
7574 matches found

Positive Technologies
added 2022/09/08 12:00 a.m. · 3 views

PT-2022-24114 · Unknown · Bilde2910 Hauk

Name of the Vulnerable Software and Affected Versions: bilde2910 Hauk version 1.6.1 Description: The issue concerns a hardcoded password in bilde2910 Hauk, which is blank by default. This password is hashed and stored in the config.php file on the server, as well as in clear-text on the Android...

CVSS 7.5 · AI score 7.4 · EPSS 0.00385
Exploits: 0 · References: 7
CNNVD
added 2022/09/08 12:00 a.m. · 3 views

Hauk Trust Management Issue Vulnerability

Hauk is a fully open source, self-hosted location sharing service from the individual developer Marius Lindvall. A security vulnerability exists in Hauk v1.6.1, which stems from hardcoded passwords stored in plaintext in the config.php file on the server side and on the android client device...

CVSS 7.5 · AI score 7.3 · EPSS 0.00385
Exploits: 0 · References: 3
Code423n4
added 2022/09/08 12:00 a.m. · 9 views

Hardcoded cUSDT and cUSDC prices are dangerous to the system when those stablecoins depeg

Lines of code Vulnerability details Proof of Concept function getUnderlyingPriceCToken ctoken external override view returnsuint address underlying; //manual scope to pop symbol off of stack string memory symbol = ctoken.symbol; if compareStringssymbol, "cCANTO" underlying = addresswcanto; return...

AI score 6.8
Exploits: 0
Code423n4
added 2022/09/08 12:00 a.m. · 11 views

Hardcoded prices are subject to be abused

Lines of code Vulnerability details Impact Hardcoded prices are subject to be abused which might address the protocol being drained. Proof of Concept There are 2 possible different issues of the Lending Protocol; 1. The attack surface/risk is not originated directly through the Canto protocol but...

AI score 7
Exploits: 0
Packet Storm
added 2022/09/07 12:00 a.m. · 279 views

Backdoor.Win32.Winshell.5_0 MVID-2022-0633 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/5bc5f72d19019a2fa3b75896e82ae1e5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Winshell.50 Vulnerability: Weak Hardcoded Credentials Description: The...

AI score 7.4
Exploits: 0
ATTACKERKB
added 2022/09/06 5:15 p.m. · 4 views

CVE-2022-40111

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...

CVSS 9.8 · AI score 7.3 · EPSS 0.00743
Exploits: 0 · References: 2
NVD
added 2022/09/06 5:15 p.m. · 11 views

CVE-2022-40111

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...

CVSS 9.8 · EPSS 0.00743
Exploits: 0 · References: 1
OSV
added 2022/09/06 5:15 p.m. · 3 views

CVE-2022-40111

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...

CVSS 9.8 · AI score 5.8 · EPSS 0.00743
Exploits: 0 · References: 1
Prion
added 2022/09/06 5:15 p.m. · 14 views

Hardcoded credentials

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...

CVSS 7.5 · AI score 9.4 · EPSS 0.00743
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2022/09/06 5:15 p.m. · 26 views

Hardcoded credentials

In TOTOLINK A860R V4.1.2cu.5182B20201027 there is a hard coded password for root in /etc/shadow.sample...

CVSS 5 · AI score 7.7 · EPSS 0.00572
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2022/09/06 4:53 p.m. · 57 views

CVE-2022-40111

CVE-2022-40111 affects the TOTOLINK A3002R firmware (TOTOLINK-A3002R-He-V1.1.1-B20200824.0128). The issue is that, in the shadow.sample file, the root user is hardcoded in the firmware, enabling severe unauthorized access potential. The vendor-focused PT-2022-25214 report corroborates the shadow....

CVSS 9.8 · AI score 9.3 · EPSS 0.00743
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/09/06 4:53 p.m. · 18 views

CVE-2022-40111

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware...

AI score 9.7 · EPSS 0.00743
Exploits: 0 · References: 1
CVE
added 2022/09/06 4:39 p.m. · 63 views

CVE-2022-37841

CVE-2022-37841 affects TOTOLINK A860R (v4.1.2cu.5182_B20201027). The issue is a hard-coded root password stored in /etc/shadow.sample, enabling potential unauthorized root access. Connected sources confirm the model and file, with Red Hat and other feeds reiterating the same root password disclos...

CVSS 7.5 · AI score 7.6 · EPSS 0.00572
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2022/09/06 12:00 a.m. · 5 views

TOTOLINK A3002R Trust Management Issue Vulnerability

The TOTOLINK A3002R is a wireless dual-band Gigabit router from China's TOTOLINK Corporation that complies with the latest IEEE802.11ac Wave 2 standard. A security vulnerability exists in the TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 version, which originates from root being...

CVSS 9.8 · AI score 8.3 · EPSS 0.00743
Exploits: 0 · References: 2
Kitploit
added 2022/09/05 11:30 a.m. · 39 views

Aura - Python Source Code Auditing And Static Analysis On A Large Scale

Source code auditing and static code analysis Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on...

AI score 7.2
Exploits: 0 · References: 5
ATTACKERKB
added 2022/08/31 4:15 p.m. · 1 view

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

CVSS 9.8 · AI score 7.5 · EPSS 0.01345
Exploits: 0 · References: 3
OSV
added 2022/08/31 4:15 p.m. · 3 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

CVSS 9.8 · AI score 6 · EPSS 0.01345
Exploits: 0 · References: 2
CNNVD
added 2022/08/30 12:00 a.m. · 1 view

Le-yan Personnel and Salary Management System Trust Management Issue Vulnerability

Le-yan Personnel and Salary Management System is a personnel and salary management system from Le-yan, a Chinese company. A security vulnerability exists in the Le-yan Personnel and Salary Management System, which originates from having hard-coded database accounts and passwords in the site sourc...

CVSS 9.8 · AI score 6.7 · EPSS 0.00984
Exploits: 0 · References: 2
Prion
added 2022/08/29 11:15 p.m. · 17 views

Hardcoded credentials

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...

CVSS 7.5 · AI score 9.6 · EPSS 0.00694
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2022/08/29 11:15 p.m. · 31 views

Hardcoded credentials

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...

CVSS 7.5 · AI score 9.4 · EPSS 0.00694
Exploits: 0 · References: 2 · Affected Software: 2