125 matches found
CVE-2020-12712
A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...
CVE-2013-7287
MobileIron VSP 5.9.1 and Sentry 5.0 have an insecure encryption scheme...
Code injection
MobileIron VSP 5.9.1 and Sentry 5.0 have an insecure encryption scheme...
The vulnerability of the SAP Enable Now platform stems from deficiencies in the encryption of user-input data, allowing attackers to carry out XSS attacks.
The vulnerability of the SAP Enable Now platform exists due to deficiencies in the encryption of user-input data. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
Insecure Encryption
Overview: parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used b...
Insecure Encryption
Overview: parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used by the library is set...
Insecure Encryption
Overview: parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key materia...
Insecure Encryption
Overview: parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key material of the correct...
CVE-2020-6857
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...
Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption Exploit
Credits: John Page (aka hyp3rlinx). Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt. twitter.com/hyp3rlinx. ISR: ApparitionSec. Vendor: www.neowise.com. Product: CarbonFTP v1.4. CarbonFTP is a...
CVE-2019-10734
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...
ChipsBank UMPTool Privilege Gain Vulnerability
ChipsBank UMPTool is a tool for batch modification of USB flash drive information. A security vulnerability exists in ChipsBank UMPTool that originates from the program's use of a simple alternative encryption algorithm to store passwords in NAND. An attacker in close physical proximity could...
CVE-2017-15326
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker...
CVE-2017-8867
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gain further access to eavesdrop on...
CVE-2017-15998
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network...
Google Android Qualcomm Component Insecure Encryption Algorithm Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA) in the U.S. The Qualcomm component is one of the components used in Qualcomm devices. The Qualcomm component in Android has a security vulnerability that stems from the use of insecure...
Insecure Encryption
aescrypt uses a vulnerable encryption method. The method is vulnerable because it does not randomize the CBC IV when encrypting and decrypting data. This allows attackers to easily defeat the cryptographic mechanism by guessing the CBC IV...
CVE-2016-6899
The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, a...
CVE-2013-7252
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...