148 matches found
Exploit for CVE-2024-51482
CVE-2024-51482 ZoneMinder v1.37. = 1.37.64 CVE-2024-51482 po...
Malware Masquerades as Legitimate, Hidden WordPress Plugin with Remote Code Execution Capabilities
📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently discovered an interestin...
CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...
CVE-2023-24055
KeePass through 2.53 in a default installation allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has...
CVE-2020-28911
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the testserver command in ajaxhelper.php...
CVE-2019-14782
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to make a request to extract the victim's password for the OS...
CVE-2025-32471
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks...
CVE-2025-32471
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks...
CVE-2025-32471
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks...
CVE-2025-32471 Reuse of salt
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks...
CVE-2025-32471 Reuse of salt
The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks...
SICK FLX0-GPNT100和SICK FLX3-CPUC200 安全漏洞
The SICK FLX0-GPNT100 and SICK FLX3-CPUC200 are both products of SICK, Germany.The SICK FLX0-GPNT100 is a photoelectric sensor for precise object detection and localization in industrial automation.The SICK FLX3-CPUC200 is a high-performance photoelectric sensor controller designed for complex SI...
PT-2025-18055 · Sick Ag · Sick Flx3-Cpuc200
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to inadequate salting of device passwords, making them susceptible to password extraction attacks. Recommendations: At the moment, there is no information about a newer...
PT-2025-7776 · Unknown +1 · Xone Web Monitor +1
Name of the Vulnerable Software and Affected Versions: XOne Web Monitor version 02.10.2024.530 XOne Web Monitor framework version 1.0.4.9 Description: The issue is a SQL injection vulnerability located in the login page, allowing attackers to extract all usernames and passwords via a crafted inpu...
CVE-2025-0477
An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application...
CVE-2025-0477 Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application...
Rockwell Automation FactoryTalk AssetCentre
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Rockwell Automation FactoryTalk AssetCentre 安全漏洞
Rockwell Automation FactoryTalk AssetCentre is an application from Rockwell Automation, Inc. It provides centralized tools for protecting, managing, version controlling, tracking, and reporting information about automation-related assets throughout the plant. A security vulnerability exists in...
PT-2025-3909 · Rockwell Automation · Factorytalk Assetcentre
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk AssetCentre versions prior to V15.00.001 Description: An encryption issue exists due to a weak encryption methodology, which could allow a threat actor to extract passwords belonging to other users of the...
CVE-2024-40710
A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...