173 matches found
The vulnerability of the util-linux package on Linux operating systems allows a hacker to gain unauthorized access to passwords or modify the user’s swap space.
The vulnerability of the util-linux package on Linux operating systems is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to passwords or modify the user’s swap file by using the wall command with...
CVE-2024-26133
EventStoreDB ESDB is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affecte...
CVE-2023-45182
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...
PT-2023-14813 · Siemens · Simatic Step 7 +2
Name of the Vulnerable Software and Affected Versions: SIMATIC STEP 7 TIA Portal versions prior to V19 Description: An information disclosure issue could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs when entered by a legitimate user in...
Zyxel DX5401-B0 安全漏洞
The Zyxel DX5401-B0 is a wireless enhancement device from China's Hopkins Zyxel. A security vulnerability exists in the Zyxel DX5401-B0 V5.17ABYO.1C0 firmware version, which originates from the exposure of sensitive information in CGI ExportLog and binary zcmd. An attacker can exploit this...
CVE-2022-41986
Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions...
USN-5661-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. CVE-2022-26305 It was discovered that Libreoffice incorrectly handled encryptin...
The vulnerability of the Mozilla Firefox browser for iOS, related to insufficient protection of registration data, allows a hacker to gain access to user passwords for the current domain.
The vulnerability of the Mozilla Firefox browser for iOS is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to user passwords for the current domain...
RHEL 7 : 389-ds-base (RHSA-2022:5239)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5239 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...
Verbatim Keypad Secure USB Drive 安全漏洞
The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from the Chinese company Verbatim. A security vulnerability exists in the Verbatim Keypad Secure USB Drive, which arises from an insecure design and can be exploited by an attacker to brute-force break a password offline...
Siemens RUGGEDCOM 加密问题漏洞
RUGGEDCOM ROS-based devices are typically switches and serial-to-Ethernet devices used to connect equipment that operates in harsh environments, such as electric utility substations and traffic control cabinets. An information disclosure vulnerability exists in Siemens RUGGEDCOM Devices, which ca...
Vulnerabilities fixed in GNU Mailman
The developers of GNU Mailman have fixed two vulnerabilities fixed in GNU Mailman. The vulnerabilities could be exploited by a malicious person to gain access to the administrator password, or to use a cross-site scripting attack to execute code in the scope of the affected browser. To gain acces...
The vulnerability of the Synergia operating system, related to weaknesses in password policies, allows attackers to obtain user passwords by force.
The vulnerability of the Synergia operating system is related to weaknesses in the password policy. Exploiting this vulnerability could allow a perpetrator to obtain user passwords by force...
CVE-2021-30948
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication...
CVE-2021-33895
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USERAUTHENTICATE used for verifying the Password returns 0 no error. The reason is that the user is not running...
Default credentials
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USERAUTHENTICATE used for verifying the Password returns 0 no error. The reason is that the user is not running...
CVE-2021-33895
The CVE-2021-33895 issue affects ETINET BACKBOX, specifically E4.09 (22SEP2020) and H4.09 (T0954V04^AAO). The flaw is improper password access control: when a user logs into the Backbox UI using the User ID of the process running BBSV, the system procedure USER_AUTHENTICATE_ used for password ver...
CVE-2021-33895
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USERAUTHENTICATE used for verifying the Password returns 0 no error. The reason is that the user is not running...
The vulnerability of the ajaxhelper.php component of the Nagios Fusion software, which is used for visualizing the operational status of IT infrastructure, allows a hacker to gain access to user passwords.
The vulnerability of the ajaxhelper.php component of the Nagios Fusion software, which is used for visualizing the operational status of IT infrastructure, relates to the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to ga...
The vulnerability of the programmable logic controller Modicon TSX TWIDO, related to the absence of a mechanism to protect operational data, allows a intruder to obtain the project password.
The vulnerability of the embedded software of the programmable logic controller Modicon TSX TWIDO is related to the absence of a mechanism for protecting operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain the project password...