1753 matches found

IBM Security Bulletins
added 2022/02/28 3:10 p.m., 31 views

Security Bulletin: IBM MQ Appliance affected by a password hash that provides insufficient protection (CVE-2022-22321)

Summary: IBM MQ Appliance has remedied a password hash that provides insufficient protection. Vulnerability Details: CVEID: CVE-2022-22321. DESCRIPTION: IBM MQ Appliance local messaging users stored with a password hash that provides insufficient protection. CVSS Base score: 5.1. CVSS Temporal Score:...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00157
Exploits: 0, Affected Software: 1
OpenVAS
added 2022/02/24 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2022-1156)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01349
Exploits: 0, References: 2
Hacker One
added 2022/02/17 10:59 p.m., 29 views

GitHub Security Lab: [C#] CWE-759: Query to detect password hash without a salt

This bug was reported directly to GitHub Security Lab...

AI score: 0.5
Exploits: 0
NVD
added 2022/02/09 4:15 p.m., 19 views

CVE-2021-40360

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

CVSS: 8.8, EPSS: 0.00672
Exploits: 0, References: 1
OSV
added 2022/02/09 4:15 p.m., 4 views

CVE-2021-40360

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

CVSS: 8.8, AI score: 5.7, EPSS: 0.00672
Exploits: 0, References: 1
Cvelist
added 2022/02/09 3:17 p.m., 24 views

CVE-2021-40360

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

AI score: 8.5, EPSS: 0.00672
Exploits: 0, References: 1
CVE
added 2022/02/09 3:17 p.m., 104 views

CVE-2021-40360

Siemens SIMATIC PCS 7 and SIMATIC WinCC contain a vulnerability (CVE-2021-40360) where the password hash of a local account on a remote server can be exposed via a public API, enabling an authenticated attacker to brute‑force and log in. Affected: PCS 7 v8.2–v9.1; WinCC v7.4–v7.5 and v15–v17 (wit...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00672
Exploits: 0, References: 1, Affected Software: 2
Positive Technologies
added 2022/02/09 12:0 a.m., 6 views

PT-2022-4092 · Siemens · Simatic Pcs 7 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1; SIMATIC PCS 7 version V9.1 prior to V9.1 SP1; SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19; SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6; SIMATIC WinCC...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00672
Exploits: 0, References: 4
CNNVD
added 2022/02/08 12:0 a.m., 5 views

Siemens SIMATIC Information Disclosure Vulnerability

Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. Siemens SIMATIC PCS 7 and SIMATIC WinCC have a security vulnerability that allows an authenticated...

CVSS: 8.8, AI score: 7.9, EPSS: 0.00672
Exploits: 0, References: 6
CNVD
added 2022/02/08 12:0 a.m., 20 views

Siemens SIMATIC PCS 7 and SIMATIC WinCC Information Disclosure Vulnerability

Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. Siemens SIMATIC PCS 7 and SIMATIC WinCC have a security vulnerability that allows an authenticated...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00672
Exploits: 0, References: 1
Tenable Nessus
added 2022/02/07 12:0 a.m., 13 views

Siemens SICAM MMU, SICAM T, and SICAM SGU Use of Password Hash with Insufficient Computational Effort (CVE-2020-10040)

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with local access to the device might be able to retrieve some passwords in clear text. This plugin only works with Tenable.ot. Please visit...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00195
Exploits: 0, References: 3
OpenVAS
added 2022/01/28 12:0 a.m., 15 views

Mageia: Security Advisory (MGASA-2017-0421)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.8, AI score: 8.8, EPSS: 0.01499
Exploits: 0, References: 4
Hacker One
added 2022/01/27 11:51 p.m., 57 views

UPchieve: No character limit in password field

Hey, when I try to set the password while creating an account into "UPchieve" I noticed that you haven't kept any password limit. You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of data can cause significant resource...

AI score: 7.3
Exploits: 0
NVD
added 2022/01/14 8:15 p.m., 11 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS: 8.8, EPSS: 0.01775
Exploits: 1, References: 3
OSV
added 2022/01/14 8:15 p.m., 6 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS: 8.8, AI score: 5.8, EPSS: 0.01775
Exploits: 1, References: 3
Prion
added 2022/01/14 8:15 p.m., 16 views

SQL injection

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

CVSS: 6.5, AI score: 8.8, EPSS: 0.01775
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2022/01/14 7:25 p.m., 15 views

CVE-2021-45406

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...

AI score: 9.1, EPSS: 0.01775
Exploits: 1, References: 3
Packet Storm
added 2022/01/13 12:0 a.m., 318 views

SalonERP 3.0.1 SQL Injection

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

Exploits: 0
Positive Technologies
added 2022/01/12 12:0 a.m., 3 views

PT-2022-12304 · Cobbler +2 · Cobbler +2

Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.1. Description: An issue was discovered where files in /etc/cobbler are world readable, exposing sensitive information to local users with non-privileged access. The users.digest file contains the sha2-512 digest ...

CVSS: 10, AI score: 7.6, EPSS: 0.88482
Exploits: 6, References: 89
CNNVD
added 2021/12/21 12:0 a.m., 3 views

mySCADA myPRO Cryptographic Issue Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. A security vulnerability exists in mySCADA myPRO that can be exploited by an attacker to crack a previously retrieved password hash...

CVSS: 7.5, AI score: 5.6, EPSS: 0.00651
Exploits: 0, References: 4