1748 matches found
CVE-2005-4775
Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash...
CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i
Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...
CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i
Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems OS. Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...
Actualizer 安全漏洞
Actualizer is a simple single shell scripting solution open-sourced by ChewKeanHo for creating Debian from scratch. A security vulnerability exists in versions of Actualizer prior to 1.2.0 that stems from the use of an inappropriate SHA512 password hash algorithm, which may result in insufficient...
CVE-2025-46634
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after...
CVE-2024-57698
An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the...
CVE-2025-46634
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after...
PT-2025-18708 · Tenda · Tenda Rx2 Pro
Name of the Vulnerable Software and Affected Versions: Tenda RX2 Pro version 16.03.30.14 Description: The web management portal of the Tenda RX2 Pro transmits sensitive information, including the hash of the user's password, in cleartext. This could allow an unauthenticated attacker to collect...
CVE-2024-57698
An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the...
CVE-2024-57698
An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the...
ModernWMS 安全漏洞
ModernWMS is an open source simple and complete warehouse management system from fjykTec open source. A security vulnerability exists in ModernWMS version 1.0, which stems from overexposure of /user/list?culture=en-us endpoint information and insufficient access control, which could lead to viewi...
CVE-2025-32789
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789
EspoCRM (open-source CRM) prior to version 9.0.7 is affected by a vulnerability in the user password hashing disclosure feature. The issue allows an attacker to infer other users’ password hashes by sorting the user list by the password hash, potentially enabling password changes if the attacker ...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
CVE-2025-32789 EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function
EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of t...
EspoCRM 安全漏洞
EspoCRM is an open source web-based customer relationship management CRM system from EspoCRM Open Source. The system provides features such as sales automation, community and customer support. A security vulnerability exists in EspoCRM versions prior to 9.0.7 that stems from improper password has...
CVE-2025-27552
DBIx::Class::EncodedColumn use the rand function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032...
CVE-2025-27552
CVE-2025-27552 affects the Perl DBIx::Class::EncodedColumn component, where the salting of password hashes uses the non-cryptographically secure rand() function in Crypt/Eksblowfish/Bcrypt.pm. The issue impacts DBIx::Class::EncodedColumn up to version 0.00032. According to the connected documents...