Lucene search

1753 matches found

Vulnrichment · added 2023/01/26 10:15 a.m. · 11 views

CVE-2023-23614 Improper session handling of "Remember me for 7 days" functionality

Pi-hole®'s Web interface based off of AdminLTE provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an...

CVSS 8.8 · AI score 8.8 · EPSS 0.0097
Exploits 1 · References 1
Positive Technologies · added 2023/01/26 12:0 a.m. · 8 views

PT-2023-19076 · Pi-Hole · Pi-Hole

Name of the Vulnerable Software and Affected Versions: Pi-hole versions 4.0 through 5.18.2 Description: The issue concerns the improper use of the admin WEBPASSWORD hash as a "Remember me for 7 days" cookie value in Pi-hole's Web interface. This allows an attacker to "pass the hash" and login or...

CVSS 8.8 · AI score 8.5 · EPSS 0.0097
Exploits 1 · References 4
Tenable Nessus · added 2023/01/25 12:0 a.m. · 19 views

Siemens Desigo PXC and DXR Devices Use of Password Hash with Insufficient Computational Effort (CVE-2022-24041)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application stores the PBKDF2 derived key of users passwords with a low...

CVSS 6.5 · AI score 6.4 · EPSS 0.0044
Exploits 0 · References 3
OSV · added 2023/01/20 3:15 a.m. · 4 views

CVE-2023-22334

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...

CVSS 5.3 · AI score 5.9 · EPSS 0.00879
Exploits 0 · References 4
NVD · added 2023/01/20 3:15 a.m. · 29 views

CVE-2023-22334

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...

CVSS 5.3 · AI score 6.2 · EPSS 0.00879
Exploits 0 · References 4
Prion · added 2023/01/20 3:15 a.m. · 20 views

Authentication flaw

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...

CVSS 2.1 · AI score 6.1 · EPSS 0.00879
Exploits 0 · References 4 · Affected Software 1
Cvelist · added 2023/01/20 12:0 a.m. · 31 views

CVE-2023-22334

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...

AI score 5.4 · EPSS 0.00879
Exploits 0 · References 4
Vulnrichment · added 2023/01/20 12:0 a.m. · 5 views

CVE-2023-22334

Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...

AI score 6.5 · EPSS 0.00879
Exploits 0 · References 4
Vulnrichment · added 2023/01/10 8:26 p.m. · 7 views

CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection

Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5 · AI score 7.9 · EPSS 0.01019
Exploits 1 · References 3
CNNVD · added 2022/12/26 12:0 a.m. · 4 views

Pilz PMC programming tool security vulnerability

The Pilz PMC programming tool is a PMC programming tool from Pilz, Germany. A security vulnerability exists in versions of the Pilz PMC programming tool prior to 3.x through 3.5.17, which stems from an insufficient computation of its password hash feature...

CVSS 7.8 · AI score 8.2 · EPSS 0.00164
Exploits 0 · References 5
ICS · added 2022/12/22 12:0 a.m. · 39 views

Priva TopControl Suite

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Priva Equipment: TopControl Suite Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

CVSS 7.5 · AI score 7.7 · EPSS 0.00487
Exploits 0 · References 4
Japan Vulnerability Notes · added 2022/12/16 4:29 a.m. · 3 views

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview CONPROSYS HMI System CHS provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2022-44456 Use of Default Credentials CWE-1392 - CVE-2023-22331 Use of Password Hash Instead of Password for Authentication CWE-836 - CVE-2023-22334...

CVSS 10 · AI score 7.2 · EPSS 0.69877
Exploits 0 · References 19
ICS · added 2022/12/13 12:0 a.m. · 58 views

Contec CONPROSYS HMI System (CHS)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Contec Equipment: CONPROSYS HMI System CHS --------- Begin Update A part 1 of 5 --------- Vulnerability: OS Command Injection, Use of Default Credentials, Use of Password Hash Instead of Password for...

CVSS 9.8 · AI score 7.8 · EPSS 0.69877
Exploits 0 · References 4
Veracode · added 2022/12/06 2:27 a.m. · 25 views

Cross-Site Request Forgery (CSRF)

craftcms/cms is vulnerable to cross-site request forgery. The vulnerability exists because the CRAFTCSRFTOKEN cookie in Request.php gets improperly encoded, allowing an attacker to disclose the password hash through the HTML hidden field...

CVSS 7.5 · AI score 7.1 · EPSS 0.01035
Exploits 1 · References 5 · Affected Software 1
OSV · added 2022/12/05 9:15 p.m. · 39 views

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

CVSS 7.5 · AI score 7.6 · EPSS 0.01035
Exploits 1 · References 3
NVD · added 2022/11/17 10:15 p.m. · 15 views

CVE-2022-3090

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...

CVSS 7.5 · EPSS 0.00609
Exploits 0 · References 1
OSV · added 2022/11/17 10:15 p.m. · 5 views

CVE-2022-3090

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This coul...

CVSS 5.3 · AI score 5.9
Exploits 0 · References 1
OSV · added 2022/11/15 2:15 a.m. · 7 views

CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of...

CVSS 4.9 · AI score 5.8 · EPSS 0.28802
Exploits 1 · References 1
NVD · added 2022/11/14 9:15 p.m. · 65 views

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

CVSS 9.8 · EPSS 0.49201
Exploits 3 · References 4
Cvelist · added 2022/11/14 12:0 a.m. · 65 views

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

AI score 9.9 · EPSS 0.49201
Exploits 3 · References 4