CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

Code injection

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

Alpha Innotec Heatpumps Encryption Issues Vulnerabilities

Alpha Innotec Heatpumps is a heat pump from Alpha Innotec. A cryptographic issue vulnerability exists in Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 version and Novelan Heatpumps wp2reg-V.3.88.0-9015 version. A remote attacker could use this vulnerability to execute arbitrary code via the passwo...

CVE-2024-22894

CVE-2024-22894 affects AIT-Deutschland Alpha Innotec Heatpumps (V2.88.3+, V3.89.0+, V4.81.3+) and Novelan Heatpumps (V2.88.3+, V3.89.0+, V4.81.3+). The root cause is hardcoded credentials in the wp2reg-V3.88.0-9015 file, enabling remote attackers to execute arbitrary code via the password compone...

PT-2024-1304 · Alpha Innotec +1 · Alpha Innotec Heatpumps +1

Name of the Vulnerable Software and Affected Versions: Alpha Innotec Heatpumps versions prior to V2.88.3 Alpha Innotec Heatpumps versions prior to V3.89.0 Alpha Innotec Heatpumps versions prior to V4.81.3 Novelan Heatpumps versions prior to V2.88.3 Novelan Heatpumps versions prior to V3.89.0...

CVE-2023-42336

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component...

CVE-2023-42336

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component...

NETIS SYSTEMS WF2409E Trust Management Issues Vulnerability

NETIS SYSTEMS WF2409E is a wireless router from NETIS SYSTEMS. A security vulnerability exists in the NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 version that originates from obtaining sensitive information via the password parameter in the /etc/shadow.sample component...

The vulnerability of Fortinet’s FortiNAC and FortiNAC-F access control devices stems from insufficient protection of registration data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the access control devices in Fortinet’s FortiNAC and FortiNAC-F systems stems from insufficient protection of registration data during the processing of the /etc/shadow file. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

Exploit for Out-of-bounds Write in Linux Linux_Kernel

CVE-2022-1015 id uid=1000d gid=1000d groups=1000d...

SUSE CVE-2007-0003

pamunix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters...

SUSE CVE-2011-4966

modules/rlmunix/rlmunix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password...

SUSE CVE-2013-3713

The image creation configuration in aaabase before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow...

SUSE CVE-2016-1601

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors...

SUSE CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

CVE-2021-37316

SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow...

CVE-2023-24149

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow...

ASUS RT-AC68U SQL注入漏洞

ASUS RT-AC68U is a router from Asus China. A security vulnerability exists in ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634, which originates from a SQL injection vulnerability in the cloud disk. An attacker could exploit the vulnerability to view sensitive information via...