Total
1224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44720 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A | 7.2 HIGH |
| In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role. | |||||
| CVE-2024-1344 | 2024-02-20 | N/A | 6.8 MEDIUM | ||
| Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges. | |||||
| CVE-2023-6255 | 2024-02-15 | N/A | 7.5 HIGH | ||
| Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8. | |||||
| CVE-2023-4539 | 2024-02-15 | N/A | 7.5 HIGH | ||
| Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2. | |||||
| CVE-2024-0390 | 2024-02-15 | N/A | N/A | ||
| INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi".This issue affects "iZZi connect" application versions before 2024010401. | |||||
| CVE-2024-22313 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-02-15 | N/A | 7.8 HIGH |
| IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | |||||
| CVE-2023-6409 | 2024-02-14 | N/A | 7.7 HIGH | ||
| CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | |||||
| CVE-2008-1160 | 1 Zyxel | 2 Zywall 1050, Zywall 1050 Firmware | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | |||||
| CVE-2020-35296 | 1 Thinkadmin | 1 Thinkadmin | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | |||||
| CVE-2005-3803 | 1 Cisco | 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-3716 | 1 Utstarcom | 2 F1000 Wi-fi, F1000 Wi-fi Firmware | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | |||||
| CVE-2005-0496 | 1 Arkeia | 1 Network Backup | 2024-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||||
| CVE-2021-37555 | 1 Trixie | 2 Tx9 Automatic Food Dispenser, Tx9 Automatic Food Dispenser Firmware | 2024-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc). | |||||
| CVE-2008-2369 | 1 Redhat | 1 Satellite | 2024-02-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | |||||
| CVE-2008-0961 | 1 Emc | 1 Diskxtender | 2024-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | |||||
| CVE-2006-7142 | 1 Utimaco | 1 Safeguard | 2024-02-13 | 4.1 MEDIUM | 7.8 HIGH |
| The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | |||||
| CVE-2012-3503 | 2 Redhat, Theforeman | 2 Enterprise Linux Server, Katello | 2024-02-13 | 6.5 MEDIUM | 9.8 CRITICAL |
| The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token. | |||||
| CVE-2010-2772 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-02-13 | 6.9 MEDIUM | 7.8 HIGH |
| Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | |||||
| CVE-2010-2073 | 1 Debian | 1 Pyftpd | 2024-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server. | |||||
| CVE-2010-1573 | 1 Linksys | 2 Wap54g, Wap54g Firmware | 2024-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | |||||