Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability

======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm HX3040 Series vulnerable version: See "Vulnerable...

Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm...

Hardcoded credentials

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

CVE-2020-25565

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...

CVE-2020-25565

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...

CVE-2020-25560

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...

CVE-2020-25560

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...

Hardcoded credentials

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...

Hardcoded credentials

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...

CVE-2020-25565

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...

CVE-2020-25565

CVE-2020-25565 affects SapphireIMS 5.0. The issue is a hardcoded credential (username: sapphire, password: ims) that grants portal access. Once accessed, an attacker can inject malicious OS commands via the server-side functions for ping, traceroute, and snmp, enabling code execution on the serve...

CVE-2020-25560

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...

CVE-2020-25560

CVE-2020-25560 affects SapphireIMS 5.0. The vulnerability arises from hardcoded credentials (username: sapphire, password: ims) that allow unauthenticated access to the portal. Once access is gained, an attacker can inject OS commands via the server-side functions for ping, traceroute, and SNMP, ...

Tecknodreams SapphireIMS 操作系统命令注入漏洞

Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. Tecknodreams SapphireIMS 5.0 suffers from an operating system command injection vulnerability that originates in SapphireIMS 5.0, where hardcoded credentials username: sapphire,...

Backdoor.Win32.IRCBot.gen Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Hardcoded Weak Password Description: The malware listens on...

CVE-2013-6276

QNAP FVioCard 2312 and FVioGate 2308 have hardcoded entries in authorizedkeys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models...

Hardcoded credentials

QNAP FVioCard 2312 and FVioGate 2308 have hardcoded entries in authorizedkeys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models...

CVE-2013-6276

QNAP F_VioCard 2312 and F_VioGate 2308 are affected by hardcoded entries in authorized_keys. Active models are not affected; last affected model was EOL since 2010. Root cause: legacy authorization mechanism no longer used in active models. Mitigations include removing hardcoded keys (cited by PT...

The vulnerability of the “Blockhost-Net” information protection software allows a perpetrator to gain access to the protected information.

The vulnerability of the GIS.BlockPost.GUI application, a software tool for information protection, is related to the use of a symmetric encryption key defined in the program code. Exploiting this vulnerability could allow an attacker to decrypt files containing information about the program’s...

PT-2021-21367 · Showdoc · Showdoc

Name of the Vulnerable Software and Affected Versions: showdoc affected versions not specified Description: The issue concerns a missing cryptographic step in showdoc. Specifically, showdoc makes use of a hardcoded salt in its user password hash function. There is no information provided about th...