ProGrade/Lierda Grill Temperature 1.00_50006 Hardcoded Credentials
Author: Tim Tepatti Website: tepatti.com Title: Hard-coded credentials on ProGrade/Lierda Grill Temperature Monitor CVE-2019-15304 Product: Grill Temperature Monitor Manufacturer: ProGrade / Lierda Affected Versions: V1.0050006 Tested Versions: V1.0050006 Vulnerability Type: Use of hard-coded...
CVE-2016-10928
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...
Hardcoded credentials
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users...
CVE-2019-11030
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget contained in a serialized object may...
Deserialization of untrusted data
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget contained in a serialized object may...
CVE-2019-11030
Mirasys VMS (before v7.6.1 and before v8.3.2) is affected by CVE-2019-11030 due to insecure deserialization in Mirasys.Common.Utils.Security.DataCrypt within Common.dll (AuditTrailService in SMServer.exe). The vulnerability allows execution of a gadget contained in a serialized object with SYSTEM...
Hardcoded credentials
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text...
Hardcoded credentials
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...
CVE-2019-7594
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal SMP...
Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability
Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability Original posting: https://xor.cat/2019/08/05/fortinet-fortirecorder-hardcoded-password/ Text archive available here: https://xor.cat/archive/2019/08/05/fortinet-fortirecorder-hardcoded-password.txt Background In June of 2019 I discover...
Fortinet FortiRecorder 2.7.3 Hardcoded Password
Original posting: https://xor.cat/2019/08/05/fortinet-fortirecorder-hardcoded-password/ Text archive available here: https://xor.cat/archive/2019/08/05/fortinet-fortirecorder-hardcoded-password.txt Background In June of 2019 I discovered a vulnerability in Fortinet's FortiRecorder product which...
CVE-2019-12797
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle...
Hardcoded credentials
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle...
CVE-2019-12797
CVE-2019-12797 concerns a clone of the ELM327 OBD2 Bluetooth device that exposes a hardcoded PIN. The root cause is a hardcoded PIN allowing an attacker to send arbitrary commands to a vehicle’s OBD‑II bus. Affected is the Elm327 OBD2 Bluetooth device family (clone variants); impact includes arbi...
PT-2019-12948 · Elm Electronics · Elm327 Obd2 Bluetooth Device
Name of the Vulnerable Software and Affected Versions: ELM327 OBD2 Bluetooth device affected versions not specified Description: The issue concerns a clone version of an ELM327 OBD2 Bluetooth device that has a hardcoded PIN. This hardcoded PIN can be exploited to send arbitrary commands to an...