15 matches found
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...
CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...
CVE-2026-25861
CVE-2026-25861 affects QloApps 1.7.0. The vulnerability is in the password hashing path: Tools::encrypt() in classes/Tools.php uses MD5 with a static cookie key, allowing offline brute-forcing of credentials. The risk is heightened by auto-generated 8-character guest-to-customer passwords in clas...
QloApps Security Vulnerability
QloApps is an open-source hotel management and reservation system developed by QloApps. QloApps 1.7.0 and earlier versions contain a security vulnerability that stems from the use of MD5 for password hashing in the Tools.php file. Weak encryption algorithms allowed...
CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...
EUVD-2026-22166
Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is subsequently executed...
CVE-2026-34256
CVE-2026-34256 affects SAP ERP and SAP S/4HANA (Private Cloud and On-Premise). The issue arises from a missing authorization check that allows an authenticated actor with low privileges to run a specific ABAP report and overwrite an existing eight-character executable ABAP report without authoriz...
SAP ERP and SAP S/4HANA Security Vulnerability
SAP ERP and SAP S/4HANA are both products of the German company SAP. SAP ERP is a suite of software used for ERP management. SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system. There are security vulnerabilities in SAP ERP and SAP S/4HANA...
CVE-2025-32898
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
EUVD-2025-201337
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
CVE-2025-32898
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
KDE Connect Security Feature Issue Vulnerability
KDE Connect is software from the KDE community that connects cell phones and computers. A Security Feature Issue vulnerability exists in versions of KDE Connect prior to 2025-04-18, which stems from a verification-code protocol that uses only 8 characters, which could lead to brute-force attacks...
PT-2022-24019 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.8 Description: The issue concerns weak password requirements in the phpMyFAQ repository. Specifically, versions prior to 3.1.8 are affected due to inadequate password length requirements. Version 3.1.8 introduce...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
A vulnerability in the firmware of the D-Link DSR-500 router allows a malicious individual to obtain the user password.
To store passwords, the DES encryption algorithm with a salt is used. This results in a password length limitation of 8 characters; the remaining characters are discarded...