hard-coded vulnerabilities and exploits

(subscribe to this query)

9.8

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer...

Deltaww Diaenergie

7.2

CVSSv3

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later....

Qnap Qes Qnap Qes 2.1.1

NA

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack....

Redhat Cloudforms 3.0 Management Engine 5.2.1 Redhat Cloudforms 3.0 Management Engine Redhat Cloudforms 3.0 Management Engine 5.2.1.6 Redhat Cloudforms 3.0 Management Engine 5.2.3.2 Redhat Cloudforms 3.0 Management Engine 5.2.2 Redhat Cloudforms 3.0 Management Engine 5.2 Redhat Cloudforms 3.0 Management Engine 5.2.3

5.5

CVSSv3

Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via...

Fortinet Forticlient

9.8

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin...

Dell Emc Secure Connect Gateway Policy Manager1 Github repository available

5.5

CVSSv3

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors....

Unit4 Mik.starlight 7.9.5.24363

NA

Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges....

Symantec Brightmail Antispam 4.0 Symantec Brightmail Antispam 6.0.1 Symantec Brightmail Antispam 5.5 Symantec Brightmail Antispam 6.0

7.5

CVSSv3

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of...

Fortinet Fortimanager Fortinet Fortianalyzer1 Github repository available

7.2

CVSSv3

The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The...

Qsan Storage Manager

9.8

CVSSv3

WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard coded....

Wuzhicms Wuzhicms 4.1.0

Get Started

« PREV 1 2 3 4 5 6 7 8 9 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook