511 matches found
Dolibarr Cross Site Request Forgery (CSRF)
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access...
GHSA-HWMC-V6J6-GC2P Dolibarr Cross Site Request Forgery (CSRF)
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access...
Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs...
Mitsubishi MELSEC Q03UDECPU PLC has a Logic Defect Vulnerability
Mitsubishi Electric Automation China Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. It mainly produces mechanical appliances for power distribution including low-voltage circuit breakers, electromagnetic openers and closers, electrical processing...
CVE-2020-25180
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...
CVE-2022-25012
Argus Surveillance DVR v4.0 employs weak password encryption...
CVE-2022-25012
Argus Surveillance DVR v4.0 is affected by a weakness in its password handling: the use of weak password encryption. The weakness originates in the authentication mechanism and is documented across multiple feeds in the CVE-2022-25012 family. Public references in connected sources include exploit...
Argus Surveillance DVR Encryption Issue Vulnerability
Argus Surveillance DVR is a general purpose software for secure hybrid platforms from Argus Surveillance USA. It works simultaneously with wireless and wired IP cameras, TV boards, capture cards, powerline and USB cameras. A security vulnerability exists in Argus Surveillance DVR version v4.0 tha...
Cross Site Request Forgery (CSRF)
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
Arista Networks MOS Encryption Issue Vulnerability
Arista Networks MOS is a fully programmable and highly modular Linux-based network operating system from Arista Networks, Inc. that uses the familiar industry-standard CLI and runs a single binary software image in the Arista switch family. The vulnerability stems from the fact that the product...
Broken User Authentication☝️ — What you need to know
Introduction. API2: Broken User Authentication. What is Broken User Authentication? Broken User Authentication can manifest in several issues. Whenever we come across an API endpoint that handles authentication, we need to be extra careful since...
Argus Surveillance DVR 4.0 - Weak Password Encryption Exploit
Exploit Title: Argus Surveillance DVR 4.0 - Weak Password Encryption Exploit Author: Salman Asad @deathflash1411 Version: Argus Surveillance DVR 4.0 Tested on: Windows 7 x86 Build 7601 & Windows 10 Reference: https://deathflash1411.github.io/blog/cracking-argus-surveillance-passwords Note: Argus...
Argus Surveillance DVR 4.0 Weak Password Encryption
Exploit Title: Argus Surveillance DVR 4.0 - Weak Password Encryption Exploit Author: Salman Asad @deathflash1411 Date: 12.07.2021 Version: Argus Surveillance DVR 4.0 Tested on: Windows 7 x86 Build 7601 & Windows 10 Reference:...
PT-2021-7762 · Rockwell Automation · Isagraf Runtime
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue concerns the encryption of passwords used to execute privileged commands in the ISaGRAF Runtime. Specifically, a fixed key value is used with the tiny...
CVE-2020-18220
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information, as it does not use a random salt or IV for its AES-CBC encryption, causing passwords encrypted for users to be susceptible to dictionary attacks...
Design/Logic Flaw
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information, as it does not use a random salt or IV for its AES-CBC encryption, causing passwords encrypted for users to be susceptible to dictionary attacks...
Code injection
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...
CVE-2021-21507
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure...