52 matches found
CVE-2021-20593
CVE-2021-20593 describes an incorrect implementation of the authentication algorithm in Mitsubishi Electric air conditioning systems and expansion controllers (e.g., G-50A, GB-50A, AG-150A/AJ, GB-50ADA/J, EB-50GU, AE/W/E series, TE/TW series, CMS-RMD-J, PAC-YG50ECA). The flaw allows a remote auth...
Mitsubishi Electric Air Conditioning System
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Multiple Air Conditioning Systems Vulnerability: Incorrect Implementation of Authentication Algorithm 2. RISK EVALUATION An attacker could exploit this vulnerability by impersonating...
CVE-2021-25315
A flaw was found in Salt. This issue is caused by an incorrect implementation of the authentication algorithm, where openSUSE Tumbleweed allows local attackers to execute arbitrary code via Salt without the need to specify valid credentials in Salt versions before 3002.2-3. The highest threat fro...
Hardcoded credentials
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp which is a guest account...
JVN#38784555: Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series
Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H| Base Score...
Nintendo: Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets
The vulnerability in TSEC Heavy Secure allowed for arbitrary code execution. A return-oriented programming vulnerability was discovered in the TSEC Secure ROM. Cryptographic secrets derived from TSEC were recovered...
Facebook WhatsApp Desktop Multiple Web Connection Notice Bypass Vulnerability
Summary An exploitable notice bypass vulnerability exists in the multiple web connections functionality of Facebook WhatsApp Desktop version 0.2.9739. This functionality allows a user to choose what to do when multiple desktop sessions are initiated using WhatsApp Desktop. By stealing the session...
CVE-2017-12712
CVE-2017-12712 affects Abbott Laboratories pacemakers (Accent/Anthem, Accent MRI, Assurity/Allure, Assurity MRI) and related ICD/CRT-D devices. Root cause: Improper Authentication (CWE-287) in the pacemaker authentication algorithm using an authentication key and timestamp, allowing a nearby atta...
WirelessNetView - Wireless Network Monitoring Tool
WirelessNetView is a small utility that runs in the background and monitors the activity of wireless networks around you. For each detected network, it displays the following information: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher...
SNMP Authorization
This script allows users to enter the information required to authorize and login via SNMP. These data are used by tests that require authentication. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respectiv...
eLinks SQL Injection / XSS / LFI
eLinks Vulnerabilities blind sql inj / xss / LFI by Inj3ct0r.com ...
Mozilla Firefox cleartext password leak
A weak authentication algorithm may be chosen by the browser even if a stronger one is supported by the server...