1748 matches found
CVE-2024-35178 Jupyter server on Windows discloses Windows user password hash
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...
CVE-2024-35178
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...
GHSA-3P4X-GRPM-XW58 Password hash exposed in CraftCMS two factor authentication plugin
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
Password hash exposed in CraftCMS two factor authentication plugin
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-5657
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-5657
CVE-2024-5657 affects CraftCMS plugin Two-Factor Authentication (versions 3.3.1–3.3.3). After submitting a valid TOTP, the plugin discloses the password hash of the currently authenticated user in server responses. Root cause: improper handling/exposure of password hashes within normal responses....
PT-2024-26358 · Unknown · Jupyter Server
Name of the Vulnerable Software and Affected Versions: Jupyter Server versions prior to 2.14.1 Description: The Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack thi...
OESA-2024-1668 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OESA-2024-1669 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OESA-2024-1592 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
The vulnerability of the application software interface of the BIG-IP Next Central Manager allows unauthorized access to protected information, enabling attackers to obtain the administrator’s password hash.
The vulnerability of the application software interface of the BIG-IP Next Central Manager relates to the disclosure of protected information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain the administrator’s password hash by executing a specially...
Directus allows redacted data extraction on the API through "alias"
Summary: A user with permission to view any collection using redacted hashed fields can access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...
CVE-2024-34340 Authentication Bypass when using older password hashes
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compat_password_hash when users set their password. compat_password_hash uses password_hash if it is available, otherwise md5. When verifying a password, it calls compat_password_verify. In...
RHEL 6 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - 389-ds-base: Password brute-force possible for locked account due to different return codes CVE-2017-7551...
RHEL 7 : qci (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - QCI: uses MD5 as password hash algorithm on deployed systems CVE-2016-6340 Note that Nessus has not tested for this...
PT-2024-3341 · F5 · Big-Ip Next Central Manager
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Next Central Manager affected versions not specified Description: An SQL injection vulnerability exists in the BIG-IP Next Central Manager API. This vulnerability allows an unauthenticated attacker to conduct a remote attack and gai...
AZL-40061 CVE-2024-3096 affecting package php for versions less than 8.3.6-1
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash starts with a null byte \x00, testing a blank string as the password via password_verify will incorrectly return true...