Hitachi Energy TRO600 安全漏洞

The Hitachi Energy TRO600 is a series of routers from Hitachi, Ltd. of Japan Hitachi. It enables a scalable, flexible and secure hybrid wireless communications architecture. A security vulnerability exists in the Hitachi Energy TRO600 that stems from the configuration files of the TRO600 series o...

CVE-2024-4563

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length...

CVE-2024-4563

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length...

CVE-2024-4563 The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length...

CVE-2024-4563 The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length...

Progress Software Progress MOVEit Automation 安全漏洞

Progress Software Progress MOVEit Automation is a suite of hosted file transfer software from Progress Software, USA. The software supports features such as sensitive data transfer and workflow automation. A security vulnerability exists in Progress Software Progress MOVEit Automation that stems...

Swift Performance Lite <= 2.3.6.14 - Unauthenticated Configuration Export

Description The plugin does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. curl --url 'http://vulnerable-site.tld/wp-admin/admin-post.php?luv-action=export'...

Export feature adds clear text password to the directories configuration on the zip file - Import fails with "Can't decrypt data"

h3. Problem When exporting a Bamboo configuration, the resulting zip file will contain clear-text passwords on db-export/directories.xml. This introduces a security issue and a broken import with the following error: code:java 2023-05-22 15:18:52,590 INFO main SecretEncryptionServiceImpl Can't...

InHand Networks InRouter302信息泄露漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of effective protection of data by the router's configuration export feature. An attacker could exploit...

Information disclosure

An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...

InHand Networks InRouter Series 信任管理问题漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of effective protection of data by the router's configuration export feature. An attacker could exploit...

PT-2022-6204 · Inhand Networks · Inrouter302

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.4 Description: An information disclosure issue exists in the router configuration export functionality. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP...

CVE-2021-44793

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to...

Design/Logic Flaw

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

CVE-2020-27150

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set...

Design/Logic Flaw

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set...

CVE-2020-27150

CVE-2020-27150 affects multiple versions of Moxa NPort IA5000A Series industrial device servers. The vulnerability arises when exporting a device’s configuration, which can reveal passwords for all users and other sensitive data in their original form if a Pre-shared key has not been set. The con...

CVE-2021-3037

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS...

Palo Alto Networks PAN-OS 8.1.x < 8.1.19 / 9.0.x < 9.0.13 / 9.1.x < 9.1.4 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.19 or 9.0.x prior to 9.0.13 or 9.1.x prior to 9.1.4. It is, therefore, affected by a vulnerability. - An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where...