hard-coded vulnerabilities and exploits
NA
CVE-2021-332192
An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
9.8
CVSSv3
CVE-2023-2611
Advantech R-SeeNet version 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Advantech R-seenet
9.8
CVSSv3
CVE-2016-2343
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote malicious users to obtain sensitive Dental.DB patient information via SQL statements.
Patterson Dental Eaglesoft 17.0
9.8
CVSSv3
CVE-2016-2362
Fonality (previously trixbox Pro) 12.6 up to and including 14.1i prior to 2016-06-01 has a hardcoded password for the FTP account, which allows remote malicious users to obtain access via a (1) FTP or (2) SSH connection.
Fonality Fonality 12.6
Fonality Fonality 12.8
Fonality Fonality 14.1i
7.8
CVSSv3
CVE-2016-2363
Fonality (previously trixbox Pro) 12.6 up to and including 14.1i prior to 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.
Fonality Fonality 12.6
Fonality Fonality 14.1i
Fonality Fonality 12.8
7.5
CVSSv3
CVE-2016-2364
The Chrome HUDweb plugin prior to 2016-05-05 for Fonality (previously trixbox Pro) 12.6 up to and including 14.1i uses the same hardcoded private key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms ...
Fonality Hud Web
Fonality Fonality 12.8
Fonality Fonality 12.6
Fonality Fonality 14.1i
9.8
CVSSv3
CVE-2013-6236
IZON IP 2.0.2: hard-coded password vulnerability
Izoncam Izon Ip Firmware 2.0.2
1 EDB exploit
7.3
CVSSv3
CVE-2021-31477
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware an...
Ge Reason Rpv311 Firmware 14a03
6.8
CVSSv3
CVE-2021-31505
This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a spe...
Arlo Q Plus Firmware 1.9.0.3 278
8.8
CVSSv3
CVE-2021-28111
Draeger X-Dock Firmware prior to 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker.
Draeger X-dock Firmware