1748 matches found
CVE-2025-52543
CVE-2025-52543 affects E3 Site Supervisor Control (firmware versions prior to 2.31F01) and its application services MGW/RCI. The root cause is use of client-side hashing for authentication, enabling an attacker to authenticate by obtaining only a password hash. Public references consistently desc...
CVE-2025-52543 Login to the application services using only the password hash
E3 Site Supervisor Control firmware version 2.31F01 application services MGW and RCI use client-side hashing for authentication. An attacker can authenticate by obtaining only the password hash...
PT-2025-35552
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: The E3 Site Supervisor Control application services MGW and RCI utilize client-side hashing for authentication. This allows an attacker to authenticate by obtaining only the...
Linux Distros Unpatched Vulnerability : CVE-2024-35178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the...
Use of Password Hash With Insufficient Computational Effort
Overview Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of a simple, unsalted hash for storing user passwords and API keys. An attacker can obtain sensitive information by performing offline rainbow table attacks...
CVE-2025-35114
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...
CVE-2025-35114 Agiloft local privilege escalation via default credentials
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30...
CVE-2025-35114
CVE-2025-35114 affects Agiloft Release 28, where several accounts use default credentials enabling local privilege escalation. The vulnerability arises from accounts with known password hashes that could be cracked offline. Mitigation suggested in multiple sources is upgrading to Agiloft Release ...
PT-2025-34815 · Agiloft · Agiloft
Name of the Vulnerable Software and Affected Versions: Agiloft versions prior to 30 Description: Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could...
Linux Distros Unpatched Vulnerability : CVE-2009-4269
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the...
Linux Distros Unpatched Vulnerability : CVE-2014-0246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...
Linux Distros Unpatched Vulnerability : CVE-2024-7701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects...
Linux Distros Unpatched Vulnerability : CVE-2017-15423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) b...
Linux Distros Unpatched Vulnerability : CVE-2014-9970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jasypt before 1.9.2 allows a timing attack against the password hash comparison. CVE-2014-9970 Note that Nessus relies on the presence of the package as reporte...
XWiki leaks password hashes and other accessible password properties
Impact Any user with edit right on a page of the wiki can create an XClass with a database list property that references a password property, for example the password hash that is stored for users. When adding an object of that XClass, the content of that password property is displayed. In...
CVE-2025-5922 Retrievable password hash protecting TSplus admin console
Access to TSplus Remote Access Admin Tool is restricted to administrators unless "Disable UAC" option is enabled and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack usi...