Design/Logic Flaw
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored...
Default credentials
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card .PRG file ending...
CVE-2023-43777
CVE-2023-43777 affects Eaton easySoft software used to program easy controllers and displays. The root issue is insecure storage of the project password, which could be retrieved by skilled adversaries, leading to potential unauthorized access to protected files. Documents confirm the password pr...
CVE-2023-43777 Insecure storage of password in easySoft
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored...
CVE-2023-43776
CVE-2023-43776 affects Eaton easyE4 PLC. Affected component: device password protection storage in easyE4, where the device password is stored using a weak encoding algorithm in program files exported as *.PRG on SD card. Evidence from multiple sources identifies this weakness as the vulnerabilit...
CVE-2022-46484
The CVE-2022-46484 entry affects Data Illusion Survey Software Solutions NGSurvey (NGSurvey) v2.4.28 and earlier. The vulnerability enables information disclosure by allowing attackers to view the access password, which in turn could be used to access and arbitrarily submit surveys. The connected...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
Moxa EDS-G516E and EDS-510E Series Ethernet Switches Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-7001)
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
WordPress Passster – Password Protection Plugin < 4.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Passster – Password Protection; Type: Plugin; Vulnerable versions: 4.2.2; Fixed in: 4.2.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Patrick Posner; PSID: 8b97c2c68b65; Credits: Rafie Muhammad...
Security Bulletin: Multiple security vulnerabilities have been identified in GSKit, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-1447).
Summary: GSKit is shipped with IBM Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting GSKit has been published here. Vulnerability Details: CVEID: CVE-2018-1447. DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expecte...
CVE-2023-3371
CVE-2023-3371 affects the EmbedPress WordPress plugin (
CVE-2023-3371
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...
PT-2023-24453 · WordPress · User Registration
Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.7.3 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the lock content form handler and display password form...
CVE-2023-2638
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...
Rockwell Automation FactoryTalk Services Platform Authorization Issue Vulnerability
Rockwell Automation FactoryTalk Services Platform is a suite of services platforms from Rockwell Automation, Inc. that consists of multiple products that provide applications with routine services such as diagnostic information, health monitoring, and real-time data access. A security vulnerabili...
Password Protected < 2.6.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
5 unusual cybersecurity tips that actually work
So, you're on top of your software updates, you use a password manager, you've enabled two-factor authentication wherever you can, you've got BrowserGuard installed, and you're running Malwarebytes Premium. If you're doing all of that you're already winning at security. But you want more, because you...
CVE-2023-1979
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability ...