37 matches found
Hardcoded credentials
An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...
CVE-2019-5139
CVE-2019-5139 affects Moxa AWK-3131A (firmware 1.13). A hard-coded credential (moxaiwroot) is used in multiple iw_* utilities, enabling creation of custom diagnostic scripts via the device’s diagnostic path. Root cause: undocumented encryption/password usage within iw_* components. Impact: local ...
CVE-2019-5139
An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions Moxa...
CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...
CVE-2019-5593
Fortinet FortiOS is affected by CVE-2019-5593. The flaw arises from improper permission/value checking in the CLI console, allowing a non-privileged local attacker to obtain plaintext private keys of system certificates by unsetting the encryption password for built‑in certificates (FortiOS 6.2.0...
CVE-2019-5593
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...
Sensitive Data Exposure in pem
Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...
Primetek Primefaces Weak Encryption Remote Code Execution (CVE-2017-1000486)
Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password...
SNMPwn - An SNMPv3 User Enumerator and Attack tool
SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with "Unknown user name" when an...
BenignCertain: a can remotely extract the Cisco VPN key hack tool free leak files download address-vulnerability warning-the black bar safety net
One, Foreword In a flash, we came to this familiar yet strange Friday. In this past week, the field of network security in the most“eye-catching”the event certainly not“the NSA is a black event”Mo belong to. The United States Time 2 0 1 6 years 8 on 1 5 December, a named“The Shadow Brokers”of the...
CVE-2012-2743
Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack...
backorifice-info NSE Script
Connects to a BackOrifice service and gathers information about the host and the BackOrifice service itself. The extracted host information includes basic system setup, list of running processes, network resources and shares. Information about the service includes enabled port redirections,...
ASP Comersus7F Shopping Cart Database Disclosure
======================================================================================== | Title : Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability | Author : indoushka | Home : www.iqs3cur1ty.com | Bug : Database Disclosure ====================== Exploit By indoushka...
CVE-2002-1946
Videsh Sanchar Nigam Limited VSNL Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme one-to-one mapping in a registry key, which allows local users to obtain and decrypt the password...
CVE-2000-0093
An installation of Red Hat uses DES password encryption with crypt for the initial password, instead of md5...
CVE-1999-1049
ARCserve NT agents use weak encryption XOR for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password...