1748 matches found
CVE-2024-2365 Musicshelf SHA-1 PinningTrustManager.java weak password hash
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with...
CVE-2024-2365
CVE-2024-2365 (Musicshelf, Android) affects Musicshelf 1.0/1.1. The vulnerability concerns an unknown function in PinningTrustManager.java (SHA-1 Handler) where manipulation could lead to a password hash with insufficient computational effort. Exploitation is described as possible on a physical d...
BIT-MATTERMOST-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config...
Exploit for CVE-2021-42278
This is a Python script for exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate a Domain Administrator (DA) from a standard domain user. The script uses the Impacket library to interact with the Active Directory. The script has several components: 1. samtheadmin.py: This is the main script...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2024-25118
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-003)
The version of TYPO3 installed on the remote host is prior to 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-003 advisory. - TYPO3 is an open source PHP...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulner...
AlmaLinux 9 : grub2 (ALSA-2024:0468)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0468 advisory. - An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the passwor...
RHEL 9 : grub2 (RHSA-2024:0437)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0437 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular...
CVE-2023-4001
CVE-2023-4001 affects GRUB2 on certain downstream Red Hat patches where an attacker with physical access can bypass GRUB password protection by using a removable drive with a duplicate UUID to locate the config file containing the password hash. The issue was introduced in a downstream patch (not...
grub2 security vulnerability
grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2 that stems from GRUB using the device's UUID to search for a configuration file containing a password hash for GRUB's password protection feature, resulting in an authentication bypass...
Exploit for Incorrect Authorization in Polkit_Project Polkit
CVE-2021-3560-Polkit-Privilege-Escalation by Mark, Qingchen Yu...
The vulnerability of the software for creating and managing graphical user interfaces in industrial automation systems like SCADA CONPROSYS HMI Systems lies in the use of a password hash instead of a password for authentication. This allows attackers to exploit this flaw to disclose sensitive information through a “man-in-the-middle” attack.
The vulnerability of the SCADA CONPROSYS HMI System lies in the use of a password hash instead of a plain-text password for authentication. Exploiting this vulnerability allows an attacker, operating remotely, to disclose sensitive information through a “man-in-the-middle” attack...
CVE-2023-47579
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system...
Information disclosure
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system...