939 matches found
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service DDoS attacks. "Threat...
CVE-2023-6203
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request...
CVE-2023-5949
The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content...
CVE-2023-5949
CVE-2023-5949 affects the SmartCrawl WordPress plugin prior to version 3.8.3. The issue allows unauthenticated users to access the content of password-protected posts, due to inadequate access control in the plugin. The NVD entry notes a CVSS v3.1 base score of 7.5 (HIGH) with Network attack vect...
CVE-2023-6203
The CVE concerns The Events Calendar WordPress plugin, specifically versions prior to 6.2.8.1. The vulnerability is an information disclosure where unauthenticated users can read the content of password-protected posts via a crafted request. The root cause is described across multiple sources as ...
Code injection
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags...
CVE-2023-5845 Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags...
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
Description The plugin discloses the content of password protected posts to unauthenticated users via a crafted request PoC Append "?view=single-event" to a password protected post, then view the source of the page and find the post content disclosed in...
Admin and Site Enhancements (ASE) < 5.8.0 - Password Protection Mode Security Feature Bypass
Description The Admin and Site Enhancements ASE plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 5.7.1. This is due to a flawed authentication mechanism within the maybeprocesslogin function. This makes it possible for unauthenticated attackers t...
GHSA-XWCQ-PM8M-C4VF crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
Code injection
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
GHSA-MPJ8-Q39X-WQ5H crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standardOWASP PBKDF2 Cheatsheet. This is because it both 1 defaults to SHA1SHA1 wiki, a cryptographic hash algorithm considered insecure since at leas...
PT-2023-29917
Name of the Vulnerable Software and Affected Versions crypto-js versions prior to 4.2.0 Description The crypto-js library has a weakened PBKDF2 configuration, which is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This...
CVE-2023-43776
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card .PRG file ending...
CVE-2023-43777
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored...
CVE-2023-43776
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card .PRG file ending...