
511 matches found

Cvelist
added 2024/03/26 12:0 a.m., 11 views

CVE-2023-50894

In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information...

6.7 AI score, 0.00375 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2024/03/26 12:0 a.m., 7 views

CVE-2023-50894

In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information...

6.8 AI score, 0.00375 EPSS
Exploits: 0, References: 2
0day.today
added 2024/02/05 12:0 a.m., 372 views

Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage Exploit

Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. #!/usr/bin/env python3 # -*- coding: utf-8 -*- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password...

7.5 CVSS, 7.4 AI score, 0.93139 EPSS
Exploits: 5
Packet Storm
added 2024/02/05 12:0 a.m., 402 views

Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage

#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...

7.5 CVSS, 7.4 AI score, 0.93139 EPSS
Exploits: 5
Exploit DB
added 2024/02/05 12:0 a.m., 434 views

Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...

7.5 CVSS, 7.6 AI score, 0.93139 EPSS
Exploits: 5
IBM Security Bulletins
added 2024/01/16 8:31 p.m., 21 views

Security Bulletin: IBM OpenPages Is Vulnerable to Privilege Escalation attack (CVE-2023-38738)

Summary: IBM OpenPages with Watson is affected by unauthorized account access due to Native authentication method. This vulnerability is addressed. Vulnerability Details: CVEID: CVE-2023-38738. DESCRIPTION: IBM OpenPages could provide weaker than expected security in an OpenPages environment using...

8.1 CVSS, 7.6 AI score, 0.00057 EPSS
Exploits: 0, Affected Software: 1
Prion
added 2023/12/14 2:15 p.m., 16 views

Design/Logic Flaw

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...

1.7 CVSS, 6.5 AI score, 0.00629 EPSS
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/11/24 3:15 a.m., 26 views

Design/Logic Flaw

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a user's system could potentially...

5 CVSS, 7.1 AI score, 0.06294 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2023/11/24 2:38 a.m., 64 views

CVE-2023-44303

CVE-2023-44303 affects RVTools 3.9.2 and later, which have a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and the main RVTools.exe. Root cause is described as an incomplete fix for CVE-2020-27688, enabling potential disclosure of encrypted password...

7.5 CVSS, 7.5 AI score, 0.00084 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2023/11/23 12:0 a.m., 2 views

PT-2023-7270 · Rvtools · Rvtools

Name of the Vulnerable Software and Affected Versions: RVTools versions 3.9.2 and above. Description: The issue is related to errors in cryptographic transformations, which can allow a remote attacker to gain unauthorized access to protected information. Specifically, the vulnerability in the...

7.8 CVSS, 7.6 AI score, 0.00084 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2023/11/06 12:0 a.m., 20 views

Rocky Linux 9 : libreoffice (RLSA-2023:0304)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0304 advisory. - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only...

8.8 CVSS, 7.8 AI score, 0.01322 EPSS
Exploits: 0, References: 9
Metasploit
added 2023/10/25 7:49 p.m., 358 views

Add a new user to the system

This command adds a new user to the system Module Options msf use post/linux/manage/adduser msf postadduser show actions ...actions... msf postadduser set ACTION msf postadduser show options ...show and set options... msf postadduser run This module requires Metasploit:...

7.1 AI score
Exploits: 0
NVD
added 2023/09/11 3:16 p.m., 13 views

CVE-2023-36140

In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts...

9.8 CVSS, 9.6 AI score, 0.00106 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2023/09/11 3:16 p.m., 0 views

CVE-2023-36140

In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts...

9.8 CVSS, 5.8 AI score, 0.00106 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2023/09/11 12:0 a.m., 3 views

PT-2023-25451 · Phpjabbers · Phpjabbers Cleaning Business

Name of the Vulnerable Software and Affected Versions: PHPJabbers Cleaning Business Software version 1.0. Description: The issue concerns the lack of encryption on user passwords, allowing an attacker to gain access to all user accounts. This enables unauthorized access, potentially leading to dat...

9.8 CVSS, 9.4 AI score, 0.00106 EPSS
Exploits: 0, References: 6
CVE
added 2023/09/11 12:0 a.m., 38 views

CVE-2023-36140

CVE-2023-36140 affects PHPJabbers Cleaning Business Software 1.0. The root cause is that user passwords are not encrypted, enabling an attacker to access all user accounts. The entry carries a high-risk impact (CRITICAL, CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No remediation details are p...

9.8 CVSS, 9.4 AI score, 0.00106 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2023/08/14 12:0 a.m., 41 views

CVE-2023-40354

Affected software: MariaDB MaxScale. Vulnerability details: When a user runs “maxctrl create service” and enters an encrypted password, the password is stored in cleartext in the generated /var/lib/maxscale/maxscale.cnf.d/.cnf file. Root cause/impact: This leaks credentials and can result in unau...

6.5 CVSS, 6.6 AI score, 0.00117 EPSS
Exploits: 0, References: 1, Affected Software: 1
Fedora
added 2023/08/10 12:43 a.m., 28 views

[SECURITY] Fedora 38 Update: krb5-1.21-3.fc38

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form...

8.8 CVSS, 7.1 AI score, 0.01226 EPSS
Exploits: 0
OSV
added 2023/08/08 3:15 p.m., 1 views

CVE-2023-36136

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account update user page allowing an attacker to capture all user names and passwords in clear text...

6.5 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 2
NVD
added 2023/08/08 3:15 p.m., 11 views

CVE-2023-36136

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account update user page allowing an attacker to capture all user names and passwords in clear text...

6.5 CVSS, 6.5 AI score, 0.00052 EPSS
Exploits: 0, References: 2