241 matches found
DELL ECS Connection Manager Security Vulnerability
DELL ECS Connection Manager is software from Dell (USA) for managing enterprise cloud storage. A security vulnerability exists in DELL ECS Connection Manager that stems from the use of a reversible password encryption algorithm that allows an attacker to decrypt passwords...
PT-2024-13348 · Teledyne Flir · Teledyne Flir M300
Name of the Vulnerable Software and Affected Versions: Teledyne FLIR M300 versions 2.00 through 2.00-19 Description: An issue was discovered where user account passwords are encrypted locally and can be decrypted to cleartext passwords using the umSetup utility, which requires root permissions to...
CVE-2023-49256
It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key...
CVE-2023-3350
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, whi...
PT-2023-24651 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.0 Description: The issue allows unauthorized decryption of private information. This is due to the passphrase and iv being hardcoded in the pm_encrypt_decrypt_pass function,...
CVE-2023-35763
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext...
CVE-2023-25072
Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt the password for the WebUI of the product...
Default credentials
Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt the password for the WebUI of the product...
CVE-2023-25184
Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt the password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASI...
Seiko Solutions SkyBridge Security Vulnerability
Seiko Solutions SkyBridge is a series of routers from Seiko Solutions, Japan. A security vulnerability exists in Seiko Solutions SkyBridge and SkySpider. An attacker could exploit the vulnerability to decrypt the password of the product's WebUI. The following products and versions are affected:...
PT-2023-9398 · Yealink · Yealink Meeting Server
Name of the Vulnerable Software and Affected Versions: Yealink Meeting Server versions prior to V26.0.0.67 Description: The issue is related to insufficient protection of service data, allowing a remote attacker to gain access to user authentication data. Specifically, attackers can obtain static...
CVE-2023-22271
Experience Manager versions 6.5.15.0 and earlier are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful...
CVE-2023-22271 AEM Weak Cryptography for Passwords Security feature bypass
Experience Manager versions 6.5.15.0 and earlier are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful...
SUSE CVE-2018-1000145
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them...
Security Vulnerability in Some Siemens Products
Siemens SCALANCE Series and Siemens RUGGEDCOM Series are a series of industrial communication devices from Siemens, Germany. A security vulnerability exists in some Siemens products. An attacker could exploit the vulnerability to retrieve files and decrypt CLI user passwords...
Fiserv Prologue Security Vulnerability
Fiserv Prologue is a tool for streamlining financial accounting processes and accelerating the delivery of reliable, accessible information that improves performance. A security vulnerability exists in versions of Fiserv Prologue prior to 2020-12-16 that stems from not properly protecting databas...
CVE-2021-22640
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
CVE-2022-35169
SAP BusinessObjects Business Intelligence Platform LCM - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on...
Metasploit Weekly Wrap-Up
Exchange RCE: Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321. The flaw leveraged by the exploit exists in a...
SQL injection
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject a payload using the 'sql' parameter in a SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...