167 matches found
PT-2022-24917 · Tasks.Org · Tasks.Org
Name of the Vulnerable Software and Affected Versions: Tasks.org versions prior to 12.7.1; Tasks.org versions prior to 13.0.1. Description: The Tasks.org Android app has a sensitive information disclosure issue. The app's ShareLinkActivity.kt activity handles "share" intents and may copy files from...
The vulnerability in the firmware of Moxa’s EDR-G903, EDR-G902, and EDR-810 series of industrial routers lies in the use of hard-coded credentials, allowing attackers to gain full access to the devices.
The vulnerability in the firmware of Moxa’s EDR-G903, EDR-G902, and EDR-810 series of routers lies in the use of hard-coded login credentials. Exploiting this vulnerability allows a malicious actor to gain full access to the device using these specially created login...
CVE-2021-35226
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role...
Design/Logic Flaw
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role...
CVE-2021-35226 Hashed Credential Exposure Vulnerability
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role...
CVE-2022-36117
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...
The vulnerability in the software authentication mechanism of Spectrum Virtualize allows a perpetrator to escalate their privileges.
The vulnerability in the software authentication mechanism of Spectrum Virtualize is related to the use of hard-coded credentials. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of RSA key-generation functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to calculate secret RSA keys.
The vulnerability of RSA key exchange functions in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) is related to the use of hard-coded credentials. Exploiting this vulnerability allows a malicious actor ...
The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server and the Confluence Data Center, related to the possibility of using hard-coded user credentials, allows a hacker to gain full access to the Confluence software with the confluence-users group’s permissions.
The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server web server and the Confluence Data Center is related to the possibility of using hard-coded user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, t...
The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, arises from the use of hard-coded credentials. This allows an intruder to execute arbitrary code.
The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, lies in the use of hard-coded user credentials. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of the OpenBSI controller display tool, related to the use of hard-coded credentials, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the OpenBSI controller display tool lies in the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the credentials remotely...
The vulnerability in the firmware of the ACE1000 programmable logic controllers, related to the use of hard-coded user credentials for SSH accounts, allows an intruder to gain unauthorized access to protected information.
The vulnerability in the firmware of the ACE1000 programmable logic controllers is related to the use of hard-coded user data for SSH accounts. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the XRT LAN-to-radio gateway and the XNL port for establishing connections in the firmware of the ACE1000 programmable logic controllers allows an intruder to gain unauthorized access to protected information.
The vulnerability of the XRT LAN-to-radio gateway and the XNL port for establishing connections in the firmware of the ACE1000 programmable logic controllers involves the use of hard-coded credentials. Exploiting this vulnerability could allow an intruder, operating remotely, to gain...
CVE-2022-25804
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
IGEL Universal Management Suite Security Vulnerability
The IGEL Universal Management Suite (IGEL UMS) is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite (UMS) version 6.07.100, which stems from insecure permissions in the...
IGEL Universal Management Suite Trust Management Issue Vulnerability
The IGEL Universal Management Suite (IGEL UMS) is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite (UMS) version 6.07.100, which stems from a hard-coded DES key i...
Credentials transmitted in plain text by Backlog Plugin
Backlog Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Backlog Plugin 2.4 and earlier. These credentials could be viewed by users with...
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted...
Jenkins Repository Connector Plugin has insufficiently protected credentials
Jenkins Repository Connector Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted ...