37 matches found

Prion
added 2020/02/25 4:15 p.m. | 18 views

Hardcoded credentials

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

CVSS 3.6 | AI score 7 | EPSS 0.00337
Exploits 1 | References 1 | Affected Software 1
CVE
added 2020/02/25 3:58 p.m. | 67 views

CVE-2019-5139

CVE-2019-5139 affects Moxa AWK-3131A (firmware 1.13). A hard-coded credential (moxaiwroot) is used in multiple iw_* utilities, enabling creation of custom diagnostic scripts via the device’s diagnostic path. Root cause: undocumented encryption/password usage within iw_* components. Impact: local ...

CVSS 7.1 | AI score 6.9 | EPSS 0.00337
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/02/25 3:58 p.m. | 44 views

CVE-2019-5139

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

CVSS 6.2 | AI score 7 | EPSS 0.00337
Exploits 1 | References 1
Talos
added 2020/02/24 12:00 a.m. | 51 views

Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability

Summary An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions Moxa...

CVSS 7.1 | AI score 6.7 | EPSS 0.00337
Exploits 1
Vulnrichment
added 2020/01/23 4:50 p.m. | 3 views

CVE-2019-5593

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of system's built-in local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...

AI score 5.6 | EPSS 0.00189
Exploits 0 | References 1
CVE
added 2020/01/23 4:50 p.m. | 56 views

CVE-2019-5593

Fortinet FortiOS is affected by CVE-2019-5593. The flaw arises from improper permission/value checking in the CLI console, allowing a non-privileged local attacker to obtain plaintext private keys of system certificates by unsetting the encryption password for built‑in certificates (FortiOS 6.2.0...

CVSS 5.5 | AI score 5.4 | EPSS 0.00189
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/01/23 4:50 p.m. | 30 views

CVE-2019-5593

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of system's built-in local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded...

AI score 5.4 | EPSS 0.00189
Exploits 0 | References 1
Github Security Blog
added 2019/06/04 3:42 p.m. | 30 views

Sensitive Data Exposure in pem

Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...

AI score 2.8
Exploits 0 | References 5 | Affected Software 1
Check Point Advisories
added 2018/10/28 12:00 a.m. | 30 views

Primetek Primefaces Weak Encryption Remote Code Execution (CVE-2017-1000486)

Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password...

CVSS 7.5 | AI score 5.9 | EPSS 0.94104
Exploits 6
Kitploit
added 2018/01/10 1:11 p.m. | 21 views

SNMPwn - An SNMPv3 User Enumerator and Attack tool

SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with "Unknown user name" when an...

AI score 7.3
Exploits 0 | References 1
myhack58
added 2016/08/19 12:00 a.m. | 132 views

BenignCertain: a hacking tool that can remotely extract Cisco VPN keys (download address for the leaked files) - vulnerability warning - the black bar safety net

1. Foreword: In a flash, we have come to this familiar yet strange Friday. Over the past week, the most "eye-catching" event in the field of network security was none other than the "NSA hacked" incident. On August 15, 2016, US time, a group named "The Shadow Brokers"...

AI score 7.3
Exploits 0
OSV
added 2012/06/27 10:55 p.m. | 7 views

CVE-2012-2743

Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack...

AI score 6.7
Exploits 0 | References 7
Nmap
added 2011/04/20 7:45 a.m. | 273 views

backorifice-info NSE Script

Connects to a BackOrifice service and gathers information about the host and the BackOrifice service itself. The extracted host information includes basic system setup, list of running processes, network resources and shares. Information about the service includes enabled port redirections,...

CVSS 10 | AI score 9.3 | EPSS 0.99448
Exploits 33
Packet Storm
added 2010/03/30 12:00 a.m. | 29 views

ASP Comersus7F Shopping Cart Database Disclosure

======================================================================================== | Title : Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability | Author : indoushka | Home : www.iqs3cur1ty.com | Bug : Database Disclosure ====================== Exploit By indoushka...

AI score 7.4
Exploits 0
NVD
added 2002/12/31 5:00 a.m. | 12 views

CVE-2002-1946

Videsh Sanchar Nigam Limited VSNL Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password...

CVSS 5.5 | AI score 5.4 | EPSS 0.00125
Exploits 0 | References 2
NVD
added 2000/01/21 5:00 a.m. | 14 views

CVE-2000-0093

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5...

CVSS 10 | AI score 6.8 | EPSS 0.01347
Exploits 0 | References 1
NVD
added 1999/02/21 5:00 a.m. | 12 views

CVE-1999-1049

ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password...

CVSS 10 | AI score 7 | EPSS 0.01759
Exploits 0 | References 1