1748 matches found

CNNVD
added 2023/12/13 12:0 a.m. · 4 views

Relyum RELY-PCIe Security Vulnerability

The Relyum RELY-PCIe is an intelligent pluggable board from Relyum Spain. A security vulnerability exists in Relyum RELY-PCIe version 22.2.1 that originates from a system group misconfiguration. An attacker could exploit the vulnerability to gain read access to the operating system's central...

7.5 CVSS · 6.8 AI score · 0.00583 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/12/13 12:0 a.m. · 10 views

CVE-2023-47579

Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system...

7.2 AI score · 0.00583 EPSS
Exploits 0 · References 1
CVE
added 2023/12/13 12:0 a.m. · 37 views

CVE-2023-47579

CVE-2023-47579 affects Relyum RELY-PCIe devices (version 22.2.1). The root cause is a system group misconfiguration that permits read access to the operating system’s central password hash file. Public sources in the connected documents consistently describe an information disclosure risk but do ...

7.5 CVSS · 7.4 AI score · 0.00583 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/12/12 12:0 a.m. · 7 views

PT-2023-30514 · Relyum · Rely-Pcie

Name of the Vulnerable Software and Affected Versions: Relyum RELY-PCIe version 22.2.1
Description: The issue is related to a system group misconfiguration in Relyum RELY-PCIe devices, which allows read access to the central password hash file of the operating system.
Recommendations: For Relyum...

7.5 CVSS · 7 AI score · 0.00583 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2023/12/11 12:0 a.m. · 4 views

The vulnerability of the TRACE MODE SCADA system, related to unencrypted storage of user credentials, allows a hacker to replace one user’s password hash with another and gain access to the SCADA system.

The vulnerability of the TRACE MODE SCADA system is related to the unencrypted storage of user credentials. Exploiting this vulnerability could allow a perpetrator to replace the password hash for one user with that of another user and gain access to the SCADA system...

4.9 CVSS · 5.5 AI score
Exploits 0 · Affected Software 2
OSV
added 2023/12/05 7:45 p.m. · 16 views

GHSA-2FR7-CC7P-P45Q Data leak of password hash through change requests

Impact: Change request allows editing any page by default, and the changes are then exported in an XML that anyone can download. So it's possible for an attacker to obtain the password hash of users by editing the user profiles and then downloading the XML that has been created. This is...

7.7 CVSS · 6.9 AI score · 0.00943 EPSS
Exploits 1 · References 5
GitHub Security Blog
added 2023/12/05 7:45 p.m. · 21 views

Data leak of password hash through change requests

Impact: Change request allows editing any page by default, and the changes are then exported in an XML that anyone can download. So it's possible for an attacker to obtain the password hash of users by editing the user profiles and then downloading the XML that has been created. This is...

7.7 CVSS · 7 AI score · 0.00943 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2023/12/04 11:15 p.m. · 4 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

7.2 CVSS · 5.8 AI score
Exploits 0 · References 1
Vulnrichment
added 2023/12/04 10:57 p.m. · 5 views

CVE-2023-40463 Use of Hard-Coded Credentials

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

8.1 CVSS · 7.2 AI score · 0.00631 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/12/04 10:33 p.m. · 15 views

CVE-2023-49280 Data leak of password hash through xwiki change request

XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...

7.7 CVSS · 7.2 AI score · 0.00943 EPSS
Exploits 1 · References 3
Cvelist
added 2023/12/04 10:33 p.m. · 32 views

CVE-2023-49280 Data leak of password hash through xwiki change request

XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...

7.7 CVSS · 7.8 AI score · 0.00943 EPSS
Exploits 1 · References 3
CVE
added 2023/12/04 10:33 p.m. · 46 views

CVE-2023-49280

The CVE-2023-49280 issue affects the XWiki Change Request extension. By default, Change Request can let a user edit any page and export changes as an XML file, which can leak password hashes when a user profile (or other password-containing document) is edited and the resulting XML is downloaded....

7.7 CVSS · 6.9 AI score · 0.00943 EPSS
Exploits 1 · References 3 · Affected Software 1
VulnCheck KEV
added 2023/11/23 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2017-7927

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3,...

7.5 CVSS · 7.1 AI score · 0.36747 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/11/22 12:0 a.m. · 6 views

The vulnerability of Siemens SCALANCE industrial switches’ firmware, related to the use of a weak password hash function, allows attackers to modify the device’s configuration.

The vulnerability of Siemens SCALANCE industrial switches’ firmware is related to the use of a weak password hash function. Exploiting this vulnerability could allow an attacker to remotely modify the device’s configuration...

6.1 CVSS · 6.3 AI score · 0.00446 EPSS
Exploits 0 · References 3 · Affected Software 40
Japan Vulnerability Notes
added 2023/11/20 5:9 a.m. · 4 views

Multiple vulnerabilities in EXPRESSCLUSTER X

Overview: WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below.
Missing authorization CWE-862 - CVE-2023-39544
Files or directories accessible to external parties CWE-552 - CVE-2023-39545
Use of password hash instead of password fo...

8.8 CVSS · 8.1 AI score · 0.00743 EPSS
Exploits 0 · References 17
Veracode
added 2023/11/07 6:32 a.m. · 18 views

Sensitive Data Exposure

Mattermost is vulnerable to Sensitive Information Exposure. The vulnerability is due to the failure to properly sanitize the user object when updating the username, which results in the password hash being disclosed in the response body...

4.9 CVSS · 7.2 AI score · 0.0051 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/11/06 6:30 p.m. · 31 views

GHSA-R67M-MF7V-QP7J Mattermost password hash disclosure vulnerability

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...

4.9 CVSS · 5 AI score · 0.0051 EPSS
Exploits 0 · References 6
GitHub Security Blog
added 2023/11/06 6:30 p.m. · 54 views

Mattermost password hash disclosure vulnerability

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...

4.9 CVSS · 5 AI score · 0.0051 EPSS
Exploits 0 · References 6 · Affected Software 4
OSV
added 2023/11/06 4:15 p.m. · 10 views

CVE-2023-5968

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...

4.9 CVSS · 5.2 AI score
Exploits 0 · References 1
NVD
added 2023/11/06 4:15 p.m. · 15 views

CVE-2023-5968

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...

4.9 CVSS · 5.1 AI score · 0.0051 EPSS
Exploits 0 · References 1