Lucene search
K

75 matches found

CNNVD
CNNVD
added 2023/06/12 12:0 a.m.3 views

Atlas Copco Power Focus 安全漏洞

Atlas Copco Power Focus is a universal tightening system from Atlas Copco Sweden that connects to a wide range of Atlas Copco assembly tools to provide you with a full-platform assembly solution. A security vulnerability exists in the Atlas Copco Power Focus 6000 that stems from login information...

9.4CVSS7.3AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.3 views

PT-2023-17323 · Atlas Copco · Atlas Copco Power Focus 6000

Name of the Vulnerable Software and Affected Versions: Atlas Copco Power Focus 6000 affected versions not specified Description: The issue concerns the Atlas Copco Power Focus 6000 web server, which fails to sanitize login information stored by the authenticated user's browser. This could allow a...

9.4CVSS7.2AI score0.00341EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/20 12:0 a.m.2 views

PT-2022-36777 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read error. The crash state involves several functions: authentic get tagged data, authentic parse...

6.8AI score
Exploits0References2
Debian CVE
Debian CVE
added 2021/07/09 12:0 a.m.26 views

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

8.1CVSS8.1AI score0.01106EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/07/09 12:0 a.m.40 views

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

8.1CVSS6.7AI score0.01106EPSS
Exploits0
NVD
NVD
added 2021/04/06 12:15 p.m.15 views

CVE-2021-28172

There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage...

7.5CVSS0.01803EPSS
Exploits0References2
Prion
Prion
added 2021/04/06 12:15 p.m.15 views

Path traversal

There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage...

5CVSS7.6AI score0.01803EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/06 11:20 a.m.16 views

CVE-2021-28172 Vangene deltaFlow E-platform - Path Traversal

There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage...

7.5CVSS7.8AI score0.01803EPSS
Exploits0References2
CVE
CVE
added 2021/04/06 11:20 a.m.31 views

CVE-2021-28172

CVE-2021-28172 describes a path traversal vulnerability in the file download function of Vangene deltaFlow E-platform. The underlying issue allows remote attackers to access credential data through the download mechanism. The entry cites a network-accessible vector with low attack complexity and ...

7.5CVSS7.6AI score0.01803EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

Vangene deltaFlow E-platform 路径遍历漏洞

The Vangene deltaFlow E-platform is an application system from Vangene, China. Standard forms can be set up quickly in less than five minutes. A path traversal vulnerability exists in Vangene deltaFlow E-platform, which can be exploited by remote attackers to access credential data...

7.5CVSS7.4AI score0.01803EPSS
Exploits0References2
CNVD
CNVD
added 2021/01/05 12:0 a.m.0 views

IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2021-01064)

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. An information disclosure vulnerability exists in IBM Cloud Pak System 2.3. An attacker could exploit this vulnerability to obtain credential information from an HTTP response...

4.4CVSS6.1AI score0.00302EPSS
Exploits0References1
Prion
Prion
added 2020/12/08 8:15 p.m.12 views

Cross site request forgery (csrf)

An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker with network access to the device to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single...

5CVSS7.4AI score0.0121EPSS
Exploits1References2Affected Software1
ICS
ICS
added 2020/07/07 12:0 a.m.55 views

Grundfos CIM 500

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS8.2AI score0.01519EPSS
Exploits0References5
exploitpack
exploitpack
added 2020/02/24 12:0 a.m.110 views

ManageEngine EventLog Analyzer 10.0 - Information Disclosure

ManageEngine EventLog Analyzer 10.0 - Information Disclosure Exploit Title: ManageEngine EventLog Analyzer 10.0 - Information Disclosure Date: 2020-02-23 Author:Scott Goodwin Vendor: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/eventlog/ CVE: CVE-2019-19774...

4CVSS8.7AI score0.12517EPSS
Exploits5
OSV
OSV
added 2019/12/13 6:15 p.m.5 views

CVE-2019-19774

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data...

8.8CVSS7.3AI score0.12517EPSS
Exploits5References3
NVD
NVD
added 2019/12/13 6:15 p.m.34 views

CVE-2019-19774

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data...

8.8CVSS8.8AI score0.12517EPSS
Exploits5References3
EUVD
EUVD
added 2019/12/13 6:0 p.m.6 views

EUVD-2019-9373

An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data...

8.8CVSS8.8AI score0.12517EPSS
Exploits5References4
CNVD
CNVD
added 2019/12/09 12:0 a.m.4 views

Multiple Weidmueller Products Information Disclosure Vulnerability (CNVD-2020-01004)

Weidmueller IE-SW-VL05M-5TX and so on are an industrial Ethernet switch from Weidmueller, Germany. An information disclosure vulnerability exists in multiple Weidmueller products that originates from a program passing sensitive credential data in clear text. An attacker could exploit this...

9.8CVSS6.2AI score0.01284EPSS
Exploits0References1
Metasploit
Metasploit
added 2019/10/27 6:46 a.m.110 views

BSD Dump Password Hashes

Post module to dump the password hashes for all users on a BSD system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BSD Dump Password Hashes', 'Description' = %q Post module to dump the...

6.9AI score
Exploits0
OSV
OSV
added 2019/01/25 8:29 p.m.5 views

CVE-2018-19009

Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI device. An attacker wi...

7.8CVSS5.8AI score0.00241EPSS
Exploits0References2
Rows per page
Query Builder