1753 matches found
Security Bulletin: IBM MQ Appliance affected by a password hash that provides insufficient protection (CVE-2022-22321)
Summary IBM MQ Appliance has remedied a password hash that provides insufficient protection. Vulnerability Details CVEID: CVE-2022-22321 DESCRIPTION: IBM MQ Appliance local messaging users stored with a password hash that provides insufficient protection. CVSS Base score: 5.1 CVSS Temporal Score:...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2022-1156)
The remote host is missing an update for the Huawei EulerOS...
GitHub Security Lab: [C#] CWE-759: Query to detect password hash without a salt
This bug was reported directly to GitHub Security Lab...
CVE-2021-40360
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2),...
CVE-2021-40360
Siemens SIMATIC PCS 7 and SIMATIC WinCC contain a vulnerability (CVE-2021-40360) where the password hash of a local account on a remote server can be exposed via a public API, enabling an authenticated attacker to brute‑force and log in. Affected: PCS 7 v8.2–v9.1; WinCC v7.4–v7.5 and v15–v17 (wit...
PT-2022-4092 · Siemens · Simatic Pcs 7 +1
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.1 prior to V9.1 SP1 SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19 SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6 SIMATIC WinCC...
Siemens SIMATIC Information Disclosure Vulnerability
Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. Siemens SIMATIC PCS 7 and SIMATIC WinCC have a security vulnerability that allows an authenticated...
Siemens SIMATIC PCS 7 and SIMATIC WinCC Information Disclosure Vulnerability
Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. Siemens SIMATIC PCS 7 and SIMATIC WinCC have a security vulnerability that allows an authenticated...
Siemens SICAM MMU, SICAM T, and SICAM SGU Use of Password Hash with Insufficient Computational Effort (CVE-2020-10040)
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text. This plugin only works with Tenable.ot. Please visit...
Mageia: Security Advisory (MGASA-2017-0421)
The remote host is missing an update for the...
UPchieve: No character limit in password field
Hey, when I try to set the password while creating an account into "UPchieve" I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource...
CVE-2021-45406
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...
SQL injection
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...
SalonERP 3.0.1 SQL Injection
Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...
PT-2022-12304 · Cobbler +2
Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.1 Description: An issue was discovered where files in /etc/cobbler are world readable, exposing sensitive information to local users with non-privileged access. The users.digest file contains the sha2-512 digest ...
mySCADA myPRO Cryptographic Issue Vulnerability
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. A security vulnerability exists in mySCADA myPRO that can be exploited by an attacker to crack a previously retrieved password hash...