7561 matches found
CVE-2021-41170
neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...
Hardcoded credentials
neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...
CVE-2021-42371
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
Hardcoded credentials
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
CVE-2021-42371
CVE-2021-42371 describes a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD prior to version 7.30. Connected sources confirm the issue is tied to a persistent account credential in these products; exploitation details, affected versions beyond the pre-7.30 gap, and specific ...
CVE-2021-42371
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
PT-2021-23601 · Xorux · Lpar2Rrd +1
Name of the Vulnerable Software and Affected Versions: LPAR2RRD and STOR2RRD versions prior to 7.30. Description: The issue concerns a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD. Recommendations: For versions prior to 7.30, update to version 7.30 or later to resolve the...
Hardcoded credentials
In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side...
Hardcoded credentials
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...
Hardcoded credentials
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS...
PT-2021-7218 · Owl · Owl Labs Meeting Owl
Name of the Vulnerable Software and Affected Versions: Owl Labs Meeting Owl version 5.2.0.15. Description: The issue is related to the implementation of Bluetooth Low Energy (BLE) technology in the microprogram of the Meeting Owl Pro camera for video conferencing. It involves the use of a hardcoded...
CVE-2021-41320
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded; it can be changed during installation or at any later time...
CVE-2021-41320
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded; it can be changed during installation or at any later time...
Hardcoded credentials
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user...
CVE-2021-41320
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 64-bit edition with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded; it can be changed during installation or at any later time...
CVE-2021-41320
CVE-2021-41320 affects Wallstreet Suite TRM 7.4.83 (64-bit). The vulnerability arises from a technical user with higher privileges that is claimed to have hardcoded credentials (the vendor disputes this claim, noting that the password can be changed during installation or later). Public risk detail is limited to c...
8x8: Hardcoded AWS credentials in ███████.msi
A hardcoded AWS access token was discovered within an MSI file available for download on the 8x8 site. The researcher was able to demonstrate access to 8x8 AWS infrastructure. The token was promptly restricted...
Hardcoded credentials
Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Moxa MXview Hardcoded Password Vulnerability
Moxa MXview is a network management software used to monitor and diagnose industrial networks. Moxa MXview is vulnerable to a hard-coded password vulnerability. An attacker could exploit this vulnerability to gain access through an account using the default password...