241 matches found

CVE
added 2020/07/23 8:47 p.m., 50 views

CVE-2020-7515

CVE-2020-7515 affects Schneider Electric’s Easergy Builder (V1.4.7.2 and older). The root cause is a CWE-321 issue: a hard-coded cryptographic key stored in cleartext, which could allow an attacker to decrypt a password. Documents from multiple sources (NVD, Red Hat, CNVD, PRION, CVE listings) co...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00047
Exploits: 0, References: 1, Affected Software: 1

0day.today
added 2020/06/16 12:0 a.m., 146 views

SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13 Tested on: Windows and Linux CVE:...

CVSS: 7.5, AI score: 7.4, EPSS: 0.04538
Exploits: 6

Packet Storm
added 2020/06/16 12:0 a.m., 704 views

SOS JobScheduler 1.13.3 Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

AI score: 7.4, EPSS: 0.04538
Exploits: 6

Exploit DB
added 2020/06/15 12:0 a.m., 671 views

SOS JobScheduler 1.13.3 - Stored Password Decryption

Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...

CVSS: 7.5, AI score: 7.4, EPSS: 0.04538
Exploits: 6

OSV
added 2020/06/11 2:15 p.m., 1 views

CVE-2020-12712

A vulnerability based on insecure user/password encryption in the JOE job editor component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile...

CVSS: 7.5, AI score: 7.1
Exploits: 0, References: 4

BDU FSTEC
added 2020/06/10 12:0 a.m., 1 views

The vulnerability of the Schneider Electric Easergy Builder software in terms of controller configuration lies in the use and storage of the cryptographic key in an unencrypted form. This allows a hacker to decrypt user passwords.

The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers is related to the use and storage of the cryptographic key in an unencrypted form. Exploiting this vulnerability could allow a hacker to decrypt user passwords...

CVSS: 8.4, AI score: 7.2, EPSS: 0.00047
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2020/04/28 12:0 a.m., 21 views

SUSE SLES12 Security Update : pam_radius (SUSE-SU-2020:1117-1)

This update for pam_radius fixes the following issues : CVE-2015-9542: Fixed a buffer overflow in password field bsc1163933. On s390x didn't decrypt passwords correctly bsc1141670. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01889
Exploits: 0, References: 5

CNVD
added 2019/11/19 12:0 a.m., 3 views

ZyXEL GS1900 Use of Hardcoded Passwords Vulnerability

ZyXEL GS1900 is a managed switch from ZyXEL Taiwan, China. A security vulnerability exists in the Zyxel GS1900 using firmware prior to version 2.50AAHH.0C0. The vulnerability can be exploited by an attacker to decrypt passwords with the help of hard-coded encryption keys...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00286
Exploits: 1, References: 1

CNVD
added 2019/11/19 12:0 a.m., 2 views

Unspecified Vulnerability in ZyXEL GS1900 (CNVD-2019-41670)

ZyXEL GS1900 is a managed switch from ZyXEL Taiwan, China. A security vulnerability exists in the Zyxel GS1900 using firmware prior to this version 2.50AAHH.0C0. An attacker could exploit the vulnerability to decrypt a previously encrypted password...

CVSS: 5.9, AI score: 6.8, EPSS: 0.00273
Exploits: 1, References: 1

CNVD
added 2019/11/15 12:0 a.m., 1 views

Broadcom Brocade SANnav Encryption Issue Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in the encryption key generation process in the PBE algorithm of Broadcom Brocade SANnav versions prior to 2.0. An attacker can exploit this vulnerability to decrypt passwords...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00081
Exploits: 0, References: 1

NVD
added 2019/11/14 9:15 p.m., 14 views

CVE-2019-15799

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH while their...

CVSS: 9, AI score: 8.8, EPSS: 0.00377
Exploits: 1, References: 3

Cvelist
added 2019/11/14 8:16 p.m., 20 views

CVE-2019-15801

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware,...

AI score: 7.5, EPSS: 0.00286
Exploits: 1, References: 2

Prion
added 2019/11/08 6:15 p.m., 16 views

Cross site scripting

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVSS: 5, AI score: 7.4, EPSS: 0.00081
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/11/08 5:3 p.m., 11 views

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

AI score: 7.5, EPSS: 0.00081
Exploits: 0, References: 1

Broadcom
added 2019/10/28 12:0 a.m., 5 views

BSA-2019-867

Security Advisory ID : BSA-2019-867 Component : SANnav Revision : 1.0 Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVSS: 7.5, AI score: 7, EPSS: 0.00081
Exploits: 0

Packet Storm
added 2019/10/02 12:0 a.m., 206 views

Detrix EDMS 1.2.3.1505 SQL Injection

!/usr/bin/php / Exploit Title: Detrix EDMS cleartext user password remote SQLI exploit Google Dork: Date: Jul 2019 Exploit Author: Burov Konstantin Vendor Homepage: forum.detrix.kz Software Link:...

AI score: 0.1
Exploits: 0

OSV
added 2019/03/21 4:1 p.m., 1 views

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00142
Exploits: 3, References: 3

CNVD
added 2018/11/29 12:0 a.m., 2 views

OPC Foundation UA Client Applications Information Disclosure Vulnerability

OPC Foundation UA Client Applications is a platform-independent, service-oriented, unified architecture client application from the OPC OLE for Process Control Foundation. An information disclosure vulnerability exists in OPC Foundation UA Client Applications, which arises from the program failin...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00033
Exploits: 0, References: 1

Tenable Nessus
added 2018/10/26 12:0 a.m., 47 views

Scientific Linux Security Update : firefox on SL7.x x86_64 (20181025)

This update upgrades Firefox to version 60.3.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 - Mozilla: Crash with nested event loops CVE-2018-12392 - Mozilla: Integer overflow during Unicode conversion while loading JavaScript...

CVSS: 9.8, AI score: 7.9, EPSS: 0.04967
Exploits: 0, References: 8

CNVD
added 2018/10/17 12:0 a.m., 1 views

Ivanti Workspace Control and RES One Workspace Information Disclosure Vulnerability

Ivanti Workspace Control formerly known as RES One Workspace is a set of workspace control software from the American company Ivanti. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00138
Exploits: 0, References: 1