Hardcoded credentials

Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2021-27952

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...

CVE-2021-27952

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...

Hardcoded credentials

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...

CVE-2021-27952

Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console...

CVE-2021-27952

CVE-2021-27952 affects Ecobee3 Lite with firmware 4.5.81.200, where hardcoded default root credentials grant access to the password-protected bootloader environment via the serial console. Public references from NVD list a CVSS v3.1 base score of 9.8 (CRITICAL) with network access and no privileg...

CVE-2021-37163

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

CVE-2021-37163

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

Hardcoded credentials

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

CVE-2021-37163

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

CVE-2021-37163

CVE-2021-37163 affects Swisslog Healthcare Nexus HMI3 Control Panel (Nexus software before 7.2.5.7). The device has two hardcoded passwords and an insecure permissions issue, enabling potential unauthorized access over the network. Impact details are described as high/severe in the CVSS metrics. ...

Stripo Inc: Insecure Storage and Overly Permissive API Keys

Summary: I am surfing on the stripo.email website. I found a sensitive data including authentication key/secrettoken written in public accessible subdo. We found a aviaryApiKeyand other secretkey exposed in staging.empleio.stripo.email. Risk Factors: Most often Developers for their ease of...

Hardcoded credentials

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

Hardcoded credentials

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only...

Hardcoded credentials

NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service...

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could an attacker to gain...

Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities. Please find a text-only version below sent to security mailing lists. The complete version on...

Allsafe - Intentionally Vulnerable Android Application

Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges...

Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization

Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities in Dell OpenManage Enterprise" is posted here: https://pierrekim.github.io/blog/2021-07-19-dell-openmanage-enterprise-0day-vulnerabilities.html === text-version of the...

CVE-2020-5349

Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges...