Lucene search
+L

53 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:5 p.m.8 views

CVE-2020-11916

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased...

6.3CVSS7.2AI score0.00474EPSS
Exploits1References1
OSV
OSV
added 2025/01/04 2:15 a.m.5 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

7.5CVSS5.7AI score0.00347EPSS
Exploits0References1
Metasploit
Metasploit
added 2024/12/20 6:55 p.m.521 views

NTP Timeroast

Windows authenticates NTP requests by calculating the message digest using the NT hash followed by the first 48 bytes of the NTP message all fields preceding the key ID. An attacker can abuse this to recover hashes that can be cracked offline for machine and trust accounts. The attacker must know...

5.9AI score
Exploits0
OSV
OSV
added 2024/11/07 6:15 p.m.5 views

CVE-2020-11916

An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success probability of an attacker in an offline cracking attack is greatly increased...

6.3CVSS5.8AI score0.00474EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/07 12:0 a.m.14 views

CVE-2019-20457

An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD...

7AI score0.00734EPSS
Exploits0References3
CVE
CVE
added 2024/11/07 12:0 a.m.61 views

CVE-2019-20457

The CVE-2019-20457 entry concerns Brother MFC-J491DW (firmware C1806180757). Affected component is the web interface where authentication can be bypassed to reveal the password hash. The underlying issue is that the response header after failed login attempts returns an incomplete authorization c...

9.1CVSS7.3AI score0.00734EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/07 12:0 a.m.25 views

CVE-2019-20457

An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD...

0.00734EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/07 12:0 a.m.5 views

PT-2024-10770 · Siime Eye · Siime Eye

Name of the Vulnerable Software and Affected Versions: Siime Eye version 14.1.00000001.3.330.0.0.3.14 Description: An issue was discovered in Siime Eye where the password for the root user is hashed using an old and deprecated hashing technique. Because of this deprecated hashing, the success...

6.3CVSS6.8AI score0.00474EPSS
Exploits1References10
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.719 views

IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval', 'Description' = %q| This module identifies IPMI 2.0-compatible systems and attempts to retrie...

7.8CVSS7AI score0.81802EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.513 views

Wordpress BookingPress bookingpress_front_get_category_services SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress BookingPress bookingpressfrontgetcategoryservices SQLi', 'Description' = %q The BookingPress WordPress plugin before 1.0.11 fails to...

9.8CVSS7AI score0.37171EPSS
Exploits11
NVD
NVD
added 2024/01/10 9:15 p.m.23 views

CVE-2023-29446

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

4.7CVSS5AI score0.00214EPSS
Exploits0References3
Prion
Prion
added 2024/01/10 9:15 p.m.20 views

Input validation

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...

1.2CVSS7AI score0.00214EPSS
Exploits0References3Affected Software3
CNNVD
CNNVD
added 2023/09/01 12:0 a.m.5 views

PTC Kepware KEPServerEX Input Validation Error Vulnerability

PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. PTC Kepware KEPServerEX 6.14.263.0 and earlier versions suffer from an input validation error vulnerability that stems from easy UNC path injection via a malicious project file.By tricking a user...

4.7CVSS7.1AI score0.00214EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

7.4CVSS6.9AI score0.01072EPSS
Exploits0References4
Metasploit
Metasploit
added 2023/01/27 7:49 p.m.82 views

Kerberos Authentication Check Scanner

This module will test Kerberos logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Kerberos accounts which do not require pre-authentication...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.19 views

Siemens Desigo PXC and DXR Devices Use of Password Hash with Insufficient Computational Effort (CVE-2022-24041)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application stores the PBKDF2 derived key of users passwords with a low...

6.5CVSS6.4AI score0.0045EPSS
Exploits0References3
NVD
NVD
added 2022/09/15 12:15 p.m.24 views

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and after offline cracking retrieve the PIN and LTK long-term key...

4.3CVSS0.00538EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/09/15 12:15 p.m.2 views

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and after offline cracking retrieve the PIN and LTK long-term key...

4.3CVSS5.8AI score0.00538EPSS
Exploits1References3
OSV
OSV
added 2022/09/15 12:15 p.m.4 views

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and after offline cracking retrieve the PIN and LTK long-term key...

4.3CVSS5.8AI score0.00538EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/09/15 11:58 a.m.35 views

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and after offline cracking retrieve the PIN and LTK long-term key...

4.9AI score0.00538EPSS
Exploits1References2
Rows per page
Query Builder