Ubuntu 20.04 LTS : LibreOffice vulnerabilities (USN-5661-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5661-1 advisory. It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote...
VICIdial Multiple Authenticated SQLi
This module exploits several authenticated SQL injection vulnerabilities in VICIdial 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20, is vulnerable). Injection point 1 is on vicidial/admin.php when adding a user, in the modifyemailaccounts parameter. Injection point 2 is ...
Blink1Control2 2.2.7 Weak Password Encryption
// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Date: 2022-08-12 // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 #!/usr/bin/env node const...
Blink1Control2 2.2.7 - Weak Password Encryption Exploit
// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 #!/usr/bin/env node const ArgumentParser =...
CVE-2022-35513
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage...
CVE-2022-35513
CVE-2022-35513 affects Blink1Control2
Blink1Control2 Encryption Issue Vulnerability
Blink1Control2 is a desktop application by Tod Kurt Personal Developer. It is used to control and hook events to blink1. A security vulnerability exists in Blink1Control2 version 2.2.7 and earlier that stems from the use of weak password encryption and insecure storage methods...
CVE-2022-2758
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems LSIS Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all...
CVE-2022-2758
CVE-2022-2758 involves inadequate encryption strength in LS Electric’s XG5000 software communication with LS Electric PLCs. Affected products include XG5000 (all versions prior to 4.0) and PLCs: XGK-CPUU/H/A/S/E (all versions prior to 3.50), XGI-CPUU/UD/H/S/E (prior to 3.20), XGR-CPUH (prior to 1...
PT-2022-18501 · Ls Electric · Xgb-Xbch +6
Name of the Vulnerable Software and Affected Versions: LS Electric XG5000 software versions prior to V4.0; LS Electric PLCs: XGK-CPUU/H/A/S/E versions prior to V3.50, XGI-CPUU/UD/H/S/E versions prior to V3.20, XGR-CPUH versions prior to V1.80, XGB-XBMS versions prior to V3.00, XGB-XBCH versions prior ...
PT-2022-23973 · Apache · Apache Openoffice +1
Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to 4.1.13. Description: A flaw in Apache OpenOffice exists where the required initialization vector for encryption is always the same, weakening the security of the encryption. This makes stored passwords...
CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 t...
CVE-2022-26307 Weak Master Keys
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 t...
CVE-2022-32294
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password from the "zmprove ca" command. It is visible in cleartext on port UDP 514 aka the syslog port. NOTE: a third party reports that this cannot be reproduced...
CVE-2022-32294
The connected sources confirm a vulnerability in Zimbra Collaboration Open Source 8.8.15 where the initial-login randomly created password (generated by the zmprove ca command) is not encrypted and is visible in cleartext on UDP port 514 (syslog). Root cause described as lack of encryption for th...
Passwords stored in plain text by Jenkins Artifactory Plugin
Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password in plain text in the global configuration file org.jfrog.hudson.ArtifactoryBuilder.xml. This password can be viewed by users with access to the Jenkins controller file system. Artifactory Plugin 3.6.0 now stores the...
GHSA-PXV2-MFQ7-VHP6 Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Jenkins Inedo BuildMaster Plugin stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions,...