Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-9493
The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the malicious user to learn the location of...
Mycarcontrols Mycar Controls
9.8
CVSSv3
CVE-2018-10578
An issue exists on WatchGuard AP100, AP102, and AP200 devices with firmware prior to 1.2.9.15, and AP300 devices with firmware prior to 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an malicious user to bypass validation o...
Watchguard Ap200 Firmware
Watchguard Ap102 Firmware
Watchguard Ap100 Firmware
Watchguard Ap300 Firmware
NA
CVE-2009-3710
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote malicious users to gain privileges via port 8022.
Riorey Rios 4.7.0
Riorey Rios 4.6.6
1 EDB exploit
7.8
CVSSv3
CVE-2023-22360
Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and previous versions due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to informat...
Jtekt Screen Creator Advance 2 0.1.1.4
Jtekt Screen Creator Advance 2
NA
CVE-2001-0839
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote malicious users to modify account information in the .htpasswd file via brute force password guessing.
Ibill Internet Billing Company Processing Plus
1 EDB exploit
NA
CVE-2006-4950
Cisco IOS 12.2 up to and including 12.4 prior to 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allow...
Cisco Ios 12.3\\(11\\)t4
Cisco Ios 12.3\\(11\\)t5
Cisco Ios 12.3\\(11\\)yf2
Cisco Ios 12.3\\(11\\)yf3
Cisco Ios 12.3\\(11\\)yr
Cisco Ios 12.3\\(11\\)ys
Cisco Ios 12.3\\(13a\\)
Cisco Ios 12.3\\(13a\\)bc
Cisco Ios 12.3\\(14\\)ym4
Cisco Ios 12.3\\(14\\)yq
Cisco Ios 12.3\\(15\\)
Cisco Ios 12.3\\(15b\\)
Cisco Ios 12.3\\(2\\)t3
Cisco Ios 12.3\\(2\\)t8
Cisco Ios 12.3\\(2\\)xe3
Cisco Ios 12.3\\(2\\)xe4
Cisco Ios 12.3\\(4\\)t1
Cisco Ios 12.3\\(4\\)t2
Cisco Ios 12.3\\(4\\)xd2
Cisco Ios 12.3\\(4\\)xe4
Cisco Ios 12.3\\(4\\)xk1
Cisco Ios 12.3\\(4\\)xk3
7.5
CVSSv3
CVE-2019-10920
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an u...
Siemens Logo\\!8 Bm Firmware
NA
CVE-2013-4866
The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate malicious users to trigger physical resource consumption (water or heat) or user discomfort.
Lixil My Satis Genius Toilet -
9.8
CVSSv3
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote malicious users to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.
Dexis Imaging Suite
NA
CVE-2005-2898
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local user...
Filezilla Filezilla 2.2.15
Filezilla Filezilla 2.2.14b
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »