203 matches found
CVE-2021-43332
CVE-2021-43332 affects GNU Mailman before 2.1.36. The CSRF token on Cgi/admindb.py admindb page contains an encrypted version of the list admin password, which could potentially be cracked by a moderator via offline brute-force. Documents correlate this with other Mailman issues (e.g., CVE-2021-4...
CVE-2021-43332
Removed by vendor...
Weidmueller Industrial WLAN devices trust management issue vulnerability
Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. A trust management issue vulnerability exists in Weidmueller Industrial WLAN devices, which stems from the fact that the device operating system contains an undisclosed encrypted password that can be exploited by...
Weidmueller Industrial WLAN 信任管理问题漏洞
Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. A trust management issue vulnerability exists in Weidmueller Industrial WLAN devices, which stems from the fact that the device operating system contains an undisclosed encrypted password that can be exploited by...
Post Breach, Peatix Data Reportedly Found on Instagram, Telegram
Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, Peatix said it learned on Nov. 9 that user account data had been improperly accessed...
JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2020-27793)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
CVE-2013-1351
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...
Design/Logic Flaw
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...
CVE-2013-1351
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...
CVE-2013-1351
CVE-2013-1351 affects all Verax NMS versions prior to 2.1.0. The vulnerability arises from a client-side RSA-based password encryption in the login flow (clientMain.swf) where private/public keys are hardcoded, allowing an attacker to capture and replay the encrypted password against the service....
SpotAuditor 5.3.2 Local Buffer Overflow
Exploit Title: SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow SEH Exploit Author: Kirill Nikolaev Date: 2019-12-06 Vulnerable Software: SpotAuditor Vendor Homepage: http://www.nsauditor.com/ Version: 5.3.2 Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested...
TeamCity Disabled Registration Bypass
var login = 'testuser'; //DD3/4D3D,D1/2 D?D3/4DNDD3/4D2DdegNDuDN var password = 'SuperMEgaPa$$'; //D?DdegND3/4DN var email = '[email protected]'; // email / Code / var b = BS.LoginForm; var publickey = $F"publicKey"; var encryptedpass = BS.Encrypt.encryptDatapassword, $F"publicKey";...
CVE-2018-6445
A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted not hashed password of the systems. The attacker could gain access to the Brocade Network Advisor System after...
CVE-2018-19233
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...
Cradlepoint Router Password Disclosure Vulnerability
Exploit for hardware platform in category web applications Cradlepoint Router Password Disclosure Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities...
Hardcoded credentials
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases...
Vboxdie-Cracker - VirtualBox Disk Image Encryption Password Cracker
Virtual Box Disk Image Encryption password cracker Requirements 1. PHP = 5.5.0 2. OpenSSL = 1.0.1 XTS support Algorithm description User password is stored using a combination of PBKDF2 and AES-XTS as following shown values are fixed at the moment, but they can be controlled inside the file forma...
Ivanti Avalanche Information Disclosure Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions 5.3 and 6.2. The vulnerability can be exploited by a...
CVE-2018-5152
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...
CVE-2018-5152
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...