1753 matches found
CVE-2022-41876 ezplatform-graphql GraphQL queries can expose password hashes
ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...
CVE-2022-3422 Improper Privilege Management in tooljet/tooljet
Account Takeover: when I see the info, I can see the password hash and I can crack it ... Account Takeover: when I see the info, I can see the forgotpasswordtoken; the hacker can send the request and change the pass...
Reddit: sensitive data exposure
Summary: A password hash entry was found in /etc/passwd. This is a major vulnerability since /etc/passwd is a world-readable file by default. Once the password hash is found, an attacker may extract the password using a program like crack. Impact: It is a high-impact vulnerability. Once hacker foun...
PT-2022-7466 · Unknown · Masterscada
Name of the Vulnerable Software and Affected Versions: MasterSCADA (affected versions not specified). Description: The issue is related to insufficient protection of service data in the MasterSCADA SCADA system. Exploitation of this issue may allow an attacker to gain unauthorized access to the...
GHSA-44W5-Q257-8428 Exposure of password hashes in notrinos/notrinos-erp
The AP officer's account is authorized to Backup and Restore the Database. Due to this, he/she can download the backup and see the password hash of the System Administrator account. The weak MD5 hash of the password can be easily cracked to get the admin password...
PT-2022-19462 · Unknown · Notrinoserp
Name of the Vulnerable Software and Affected Versions: notrinoserp versions prior to v0.7. Description: The issue results in exposure of private personal information to an unauthorized actor, leading to privilege escalation to a system administrator account. This allows an attacker to gain access ...
WWBN AVideo password hash improper authentication vulnerability
Talos Vulnerability Report TALOS-2022-1545: WWBN AVideo password hash improper authentication vulnerability. August 16, 2022. CVE Number: CVE-2022-32282. Summary: An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a...
The vulnerability of Siemens SIMATIC process control system’s API interface allows a hacker to obtain the password hash.
The vulnerability of Siemens SIMATIC process control system APIs is related to the disclosure of information. Exploiting this vulnerability can allow a remote attacker to obtain the password hash...
PYSEC-2022-247
Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The...
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and...
The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules lies in the insufficient calculation of password hashes. This allows attackers to gain access to the devices by intercepting authentication tokens.
The vulnerability of the microprogramming software of the Desigo DXR2, PXC3, PXC4, and PXC5 devices is related to insufficient calculation of the password hash. Exploiting this vulnerability can allow an attacker to gain access to the device by intercepting the authentication token...
Siemens SICAM GridEdge Resource Leakage Vulnerability
SICAM GridEdge enables your existing IEC61850 devices to have IoT functionality with just a few clicks. A resource leak vulnerability exists in Siemens SICAM GridEdge, which stems from the fact that the affected software discloses the password hash of another user upon request, which can be...
CVE-2022-30231
A vulnerability has been identified in SICAM GridEdge Classic (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash...
CVE-2022-30231
CVE-2022-30231 affects Siemens SICAM GridEdge Essential products (ARM/Intel variants, with/without GDS) and SICAM GridEdge Classic in affected ranges, where prior to v2.6.6 a resource-leak exposes password hashes of other users upon request. The vulnerability enables an authenticated user to retr...
Siemens SICAM GridEdge Essential security vulnerability
SICAM GridEdge enables your existing IEC61850 devices to have IoT functionality with just a few clicks. A resource leak vulnerability exists in Siemens SICAM GridEdge, which stems from the fact that the affected software discloses the password hash of another user upon request, which can be...
Owl Labs Meeting Owl Information Disclosure Vulnerability
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Equipped with a series of cameras and microphones, it captures 360-degree video and audio and automatically focuses on the speaker, making meetings more dynamic and inclusive. Owl Labs Meeting Owl version 5.2.0.15 contains an...
CVE-2022-24581
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...
Owl Labs Meeting Owl cryptographic issue vulnerability
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Equipped with a series of cameras and microphones, it captures 360-degree video and audio and automatically focuses on the speaker, making meetings more dynamic and inclusive. Owl Labs Meeting Owl version 5.2.0.15 contains an...