7573 matches found

ATTACKERKB
added 2022/08/18 11:15 p.m. · 3 views

CVE-2022-35540

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

CVSS 9.8 · AI score 7 · EPSS 0.01109
Exploits 0 · References 2

NVD
added 2022/08/18 11:15 p.m. · 18 views

CVE-2022-35540

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

CVSS 9.8 · EPSS 0.01109
Exploits 0 · References 1

Prion
added 2022/08/18 11:15 p.m. · 13 views

Hardcoded credentials

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

CVSS 7.5 · AI score 9.5 · EPSS 0.01109
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/08/18 10:17 p.m. · 466 views

CVE-2022-35540

CVE-2022-35540 concerns AgileConfig prior to 1.6.8 where a hard-coded JWT secret in the server enables remote attackers to forge a token and gain administrator access. The issue, documented across multiple sources (Red Hat, GHSA, OSV, NVD), attributes the root cause to an inline secret, allowing ...

CVSS 9.8 · AI score 9.5 · EPSS 0.01109
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/08/18 12:0 a.m. · 6 views

PT-2022-22898 · Unknown · Agileconfig

Name of the Vulnerable Software and Affected Versions: AgileConfig versions prior to 1.6.8 Description: The issue allows remote attackers to gain administrator access by utilizing a hardcoded JWT Secret in the AgileConfig Server. This can be achieved by using the generated JWT token...

CVSS 9.8 · AI score 7.3 · EPSS 0.01109
Exploits 0 · References 6

Prion
added 2022/08/17 6:15 p.m. · 23 views

Hardcoded credentials

Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service device malfunction and system crash via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported produ...

CVSS 2.1 · AI score 5.2 · EPSS 0.00398
Exploits 0 · References 3

Qualys Blog
added 2022/08/17 10:12 a.m. · 381 views

Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)

Over the last few months, Atlassian Confluence has increasingly become a target for attackers. In June 2022, a critical severity OGNL Remote Code Execution vulnerability was disclosed CVE-2022-26134. More recently, CVE-2022-26138 was disclosed on social media platforms in July 2022. In...

CVSS 7.5 · AI score 10 · EPSS 0.99999
Exploits 76

Cvelist
added 2022/08/16 11:25 p.m. · 39 views

CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...

CVSS 7.1 · AI score 9.5 · EPSS 0.00681
Exploits 0 · References 1

Prion
added 2022/08/16 8:15 a.m. · 14 views

Hardcoded credentials

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

CVSS 5 · AI score 7.3 · EPSS 0.00575
Exploits 0 · References 1 · Affected Software 1

Information Security Automation
added 2022/08/14 11:30 a.m. · 185 views

Vulnerability Management news and publications #2

Hello everyone! This is the second episode of Vulnerability Management news and publications. In fact, this is a collection of my posts from the avleonovcom and avleonovrus telegram channels. Therefore, if you want to read them earlier, subscribe to these channels. The main idea of this episode...

CVSS 10 · AI score 9.5 · EPSS 0.99999
Exploits 154

ATTACKERKB
added 2022/08/10 8:15 p.m. · 2 views

CVE-2022-35491

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...

CVSS 9.8 · AI score 7.3 · EPSS 0.00703
Exploits 0 · References 2

OSV
added 2022/08/10 8:15 p.m. · 1 views

CVE-2022-35491

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...

CVSS 9.8 · AI score 5.8 · EPSS 0.00703
Exploits 0 · References 1

NVD
added 2022/08/10 8:15 p.m. · 19 views

CVE-2022-35491

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...

CVSS 9.8 · EPSS 0.00703
Exploits 0 · References 1

Prion
added 2022/08/10 8:15 p.m. · 16 views

Hardcoded credentials

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...

CVSS 7.5 · AI score 9.5 · EPSS 0.00703
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/08/09 4:25 p.m. · 22 views

CVE-2022-35491

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample...

AI score 9.8 · EPSS 0.00703
Exploits 0 · References 1

CVE
added 2022/08/09 4:25 p.m. · 57 views

CVE-2022-35491

CVE-2022-35491 affects TOTOLINK A3002RU V3.0.0-B20220304.1804, with a hardcoded root password stored in /etc/shadow.sample. This is corroborated by multiple connected sources (NVD entry, Red Hat advisory, CNNVD, PRION) and confirms a high-severity issue (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H...

CVSS 9.8 · AI score 9.4 · EPSS 0.00703
Exploits 0 · References 1 · Affected Software 1

OSV
added 2022/08/08 7:15 p.m. · 4 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

CVSS 9.8 · AI score 7.1 · EPSS 0.01067
Exploits 0 · References 2

Prion
added 2022/08/08 7:15 p.m. · 20 views

Hardcoded credentials

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

CVSS 7.5 · AI score 9.5 · EPSS 0.01067
Exploits 0 · References 2 · Affected Software 1

Check Point Advisories
added 2022/08/08 12:0 a.m. · 5 views

Atlassian Questions for Confluence App Hardcoded Credentials (CVE-2022-26138)

A hardcoded credentials vulnerability exists in Atlassian Questions for Confluence App. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

AI score 4.8 · EPSS 0.9817
Exploits 1

Positive Technologies
added 2022/08/08 12:0 a.m. · 6 views

PT-2022-11443 · Goahead · Goahead Web Server

Name of the Vulnerable Software and Affected Versions: GoAhead WebServer version 2.1.8 Description: The issue arises from insufficient nonce entropy in the websda.c file of GoAhead WebServer. This is due to the nonce calculation relying on a hardcoded value, onceuponatimeinparadise, which does no...

CVSS 9.8 · AI score 7.8 · EPSS 0.01067
Exploits 0 · References 5