7562 matches found
Hardcoded credentials
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...
Hardcoded credentials
Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...
Hardcoded credentials
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0...
Privilege Escalation
freetakserver is vulnerable to privilege escalation. The vulnerability exists due to a hardcoded Flask secret key allowing an attacker to create crafted cookies to bypass authentication or escalate privileges...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
GHSA-F897-875P-23X7 Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hardcoded credentials
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
PYSEC-2022-43135
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hardcoded credentials
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
PYSEC-2022-43135
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
CVE-2022-25510
The CVE-2022-25510 issue affects FreeTAKServer 1.9.8, where a hardcoded Flask secret key enables attackers to craft cookies to bypass authentication or escalate privileges. Root cause: the Flask secret key is stored in code/config instead of being externally supplied, compromising session integri...
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hardcoded credentials
Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...
Hardcoded credentials
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration...
Hardcoded credentials
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration...
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration...
Backdoor.Win32.DirectConnection.103 Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/6a6ce3e7f24bf000d9a011a8f1905da8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DirectConnection.103 1.0 RAT-Tool Vulnerability: Weak Hardcoded Password Description:...