Lucene search
K

203 matches found

CVE
CVE
added 2024/08/29 10:4 p.m.233 views

CVE-2024-6670

Summary (CVE-2024-6670): Progress WhatsUp Gold prior to version 24.0.0 contains a SQL Injection vulnerability that can allow an unauthenticated attacker to retrieve a user’s encrypted password. Public references confirm exploitation guidance (e.g., Metasploit module) and acknowledgments by CISA K...

9.8CVSS9.8AI score0.94661EPSS
In wildExploits2References3Affected Software1
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.9 views

WhatsUp Gold 安全漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in WhatsUp Gold version 2024.0.0, which...

9.8CVSS8.9AI score0.94661EPSS
Exploits2References3
NVD
NVD
added 2023/12/14 2:15 p.m.21 views

CVE-2023-45182

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...

7.4CVSS0.00634EPSS
Exploits0References2
OSV
OSV
added 2023/12/14 2:15 p.m.2 views

CVE-2023-45182

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...

6.5CVSS5.8AI score0.00634EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/14 2:2 p.m.22 views

CVE-2023-45182 IBM i Access Client Solutions information disclosure

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...

7.4CVSS7.3AI score0.00634EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/14 12:0 a.m.4 views

IBM i Security Vulnerabilities

IBM i is a suite of operating systems from International Business Machines IBM running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i Access Client Solutions versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3, which stems from an encrypted password key th...

7.4CVSS6.8AI score0.00634EPSS
Exploits0References3
OSV
OSV
added 2023/11/14 6:15 p.m.3 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

3.3CVSS5.8AI score0.0021EPSS
Exploits0References1
Prion
Prion
added 2023/11/14 6:15 p.m.14 views

Design/Logic Flaw

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

1.7CVSS6.7AI score0.0021EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/08/14 5:15 p.m.27 views

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

6.5CVSS6.6AI score0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/09 6:37 a.m.20 views

CVE-2023-37858 PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

4.9CVSS5.4AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/31 12:0 a.m.5 views

PT-2023-24780 · Bmc · Bmc Patrol

Name of the Vulnerable Software and Affected Versions: BMC Patrol versions prior to 22.1.00 Description: An issue was discovered where the agent's configuration can be remotely queried, containing the Patrol account password encrypted with a default AES key. This account can then be used to achie...

7.5CVSS8AI score0.00809EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.329 views

Jedox 2022.4.2 - Code Execution via RPC Interfaces

Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction...

7.5CVSS7.6AI score0.06247EPSS
Exploits7
Cvelist
Cvelist
added 2022/12/25 12:0 a.m.23 views

CVE-2022-44012

An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...

6AI score0.00509EPSS
Exploits3References1
CVE
CVE
added 2022/12/25 12:0 a.m.62 views

CVE-2022-44012

CVE-2022-44012 affects Simmeth Lieferantenmanager (pre-5.6). An issue in the /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId endpoint enables cross-site scripting, allowing an attacker to run JavaScript in a victim’s browser and potentially access the victim’s encrypted pas...

5.4CVSS6AI score0.00509EPSS
Exploits3References1Affected Software1
NVD
NVD
added 2022/10/10 11:15 p.m.17 views

CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service SWIS. Exposed credentials are encrypted and require authenticated access with an NCM role...

6.5CVSS0.00446EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/15 1:0 p.m.3 views

CVE-2022-2472

Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428...

7.6CVSS6.1AI score0.00297EPSS
Exploits0References2
OSV
OSV
added 2022/03/18 6:15 p.m.4 views

CVE-2020-25180

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...

6.5CVSS6.7AI score
Exploits0References4
NVD
NVD
added 2021/12/30 10:15 p.m.31 views

CVE-2021-20155

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678"...

9.8CVSS0.01899EPSS
Exploits1References1
Prion
Prion
added 2021/12/30 10:15 p.m.11 views

Hardcoded credentials

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678"...

7.5CVSS9.4AI score0.01899EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/11/12 9:15 p.m.23 views

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

6.5CVSS0.01072EPSS
Exploits0References3
Rows per page
Query Builder