511 matches found
CVE-2023-36136
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page), allowing an attacker to capture all user names and passwords in clear text...
Class Scheduling System Security Vulnerability
Class Scheduling System is a class scheduling system by jkev individual developers. A security vulnerability exists in PHPJabbers Class Scheduling System version 1.0, which stems from a lack of password encryption when editing a user account updating a user's page, which allows an attacker to...
CVE-2023-35763
CVE-2023-35763 affects Iagona ScrutisWeb versions 2.1.37 and earlier. The vulnerability is described as a cryptographic flaw that could allow an unauthenticated attacker to decrypt passwords in plaintext, associated with use of a hard-coded cryptographic key (CWE-321). Affected product: ScrutisWe...
Add user with useradd
Creates a new user. By default the new user is set with sudo but other options exist to make the new user automatically root but this is not automatically set since the new user will be treated as root and login may be difficult. The new user can also be set as just a standard user if desired...
Remote code execution
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
Exploit for Inadequate Encryption Strength in Argussurveillance Dvr
Argus Surveillance DVR 4.0 - Weak Password Encryption CVE-2...
SUSE CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140...
SUSE CVE-2019-3700
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger...
CVE-2023-24454
CVE-2023-24454 affects Jenkins TestQuality Updater Plugin (versions 1.3 and earlier). The vulnerability stems from storing the TestQuality Updater password unencrypted in the global configuration file on the Jenkins controller (com.testquality.jenkins.TestQualityNotifier.xml), enabling users with...
authselect bug fix update
An update is available for authselect. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The authselect package configures authentication and identity sources from...
Arbitrary txt files deletion (authenticated)
Description: The file sources/export.queries.php can be exploited by any authenticated user to remove arbitrary txt files. If the system administrator configured the base path for the teampass-seckey.txt to be /var/teampass, as shown in the official example, it is possible to remove it causing a...
Oracle Linux 8 : libreoffice (ELSA-2023-0089)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0089 advisory. - Resolves: rhbz2134752 CVE-2022-26305 Untrusted Macros - Resolves: rhbz2134751 CVE-2022-26307 Weak Master Keys - Resolves: rhbz2134750 CVE-2022-26306...
authselect bug fix and enhancement update
An update is available for authselect. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The authselect package configures authentication and identity sources from...
Code injection
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords...
CVE-2022-46142
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords...
Information Disclosure
libreoffice is vulnerable to information disclosure. The vulnerability exists in the auto-save password encryption mechanism while restarting, which allows an attacker to gain access to password information of a user if the user accidentally saves the document unencrypted...
SUSE SLED12 / SLES12 Security Update : libreoffice (SUSE-SU-2022:3602-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3602-1 advisory. - An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was...