203 matches found
CVE-2024-6670
Summary (CVE-2024-6670): Progress WhatsUp Gold prior to version 24.0.0 contains a SQL Injection vulnerability that can allow an unauthenticated attacker to retrieve a user’s encrypted password. Public references confirm exploitation guidance (e.g., Metasploit module) and acknowledgments by CISA K...
WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in WhatsUp Gold version 2024.0.0, which...
CVE-2023-45182
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...
CVE-2023-45182
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...
CVE-2023-45182 IBM i Access Client Solutions information disclosure
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...
IBM i Security Vulnerabilities
IBM i is a suite of operating systems from International Business Machines IBM running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i Access Client Solutions versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3, which stems from an encrypted password key th...
CVE-2023-45585
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
Design/Logic Flaw
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
CVE-2023-40354
An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....
CVE-2023-37858 PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...
PT-2023-24780 · Bmc · Bmc Patrol
Name of the Vulnerable Software and Affected Versions: BMC Patrol versions prior to 22.1.00 Description: An issue was discovered where the agent's configuration can be remotely queried, containing the Patrol account password encrypted with a default AES key. This account can then be used to achie...
Jedox 2022.4.2 - Code Execution via RPC Interfaces
Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction...
CVE-2022-44012
An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...
CVE-2022-44012
CVE-2022-44012 affects Simmeth Lieferantenmanager (pre-5.6). An issue in the /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId endpoint enables cross-site scripting, allowing an attacker to run JavaScript in a victim’s browser and potentially access the victim’s encrypted pas...
CVE-2021-35226
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service SWIS. Exposed credentials are encrypted and require authenticated access with an NCM role...
CVE-2022-2472
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428...
CVE-2020-25180
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...
CVE-2021-20155
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678"...
Hardcoded credentials
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678"...
CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...