1748 matches found
CVE-2023-5968 Password hash in response body after username update
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...
CVE-2023-5968
Mattermost: CVE-2023-5968 is a vulnerability where the server fails to properly sanitize the user object during username updates, causing the password hash to be included in the response body. Affected data exposure is limited to the password hash disclosure in responses per the available documen...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from failing to properly clean up the user object when updating the username, causing the password hash to be included in the response body...
CVE-2023-5846 Use of Password Hash With Insufficient Computational Effort in Franklin Fueling System TS-550
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device...
Oracle 19c / 21c Sharding Component Password Hash Exposure
Title: CVE-2023-22074 – Oracle database password hash exposure in sharding component
Product: Database
Manufacturer: Oracle
Affected Versions: 19c,21c 19.3-19.20 and 21.3-21.11
Tested Versions: 19c
Risk Level: Low
Solution Status: Fixed
CVE Reference: CVE-2023-22074
Base Score: 2.4
Author of...
CVE-2023-44201
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a...
PT-2023-6146 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS versions prior to 20.4R3-S4
Juniper Networks Junos OS versions 21.1 prior to 21.1R3-S4
Juniper Networks Junos OS versions 21.2 prior to 21.2R3-S2
Juniper Networks Junos OS versions 21.3 prior to 21.3R2-S2, 21.3R3-S1...
Juniper SRX Firewall / EX Switch Remote Code Execution Exploit
This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP...
Juniper SRX Firewall / EX Switch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...
Junos OS PHPRC Environment Variable Manipulation RCE
This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...
CVE-2023-43132
szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use SQL injection attacks to obtain the hash of the administrator password...
vmqphp SQL Injection Vulnerability
vmqphp is a set of signature-free payment programs for vone individual developers. A security vulnerability exists in vmqphp 1.13 and earlier versions: an unauthorized remote user can use a SQL injection attack to obtain the hash value of the administrator password...
PT-2023-28709 · Unknown · Szvone Vmqphp
Name of the Vulnerable Software and Affected Versions: szvone vmqphp versions <=1.13
Description: The issue allows unauthorized remote users to use SQL injection attacks to obtain the hash of the administrator password. This can be achieved through SQL injection attacks, which enable attackers to...
The vulnerability of the remote access software for devices on the Digi RealPort network lies in the use of a password hash instead of a plain-text password for authentication. This allows attackers to compromise the target system.
The vulnerability of the remote access software for devices on the Digi RealPort network relates to the use of a password hash instead of a plain-text password for authentication. Exploiting this vulnerability allows an attacker to compromise the target system remotely...
CVE-2022-47557 Use of Password Hash With Insufficient Computational Effort in Ormazabal products
Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...
CVE-2023-4986
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this...