325 matches found
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
...
CVE-2024-29959
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...
CVE-2025-0374
When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as...
PT-2025-3859 · Etcupdate +1 · Etcupdate +1
Name of the Vulnerable Software and Affected Versions: etcupdate affected versions not specified Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the inpu...
FreeBSD -- Unprivileged access to system files
Problem Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted...
CVE-2024-36509
An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted password...
CVE-2024-36509
An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted password...
PT-2024-27040 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.23 and below FortiWeb versions 7.0.10 and below FortiWeb versions 7.2.10 and below FortiWeb versions 7.4.3 and below FortiWeb version 7.6.0 Description: The issue allows an authenticated attacker to access the encrypted...
Progress WhatsUp Gold SQL Injection Vulnerability
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...
VulnCheck KEV: CVE-2024-6670
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...
NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2024-0068)
The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read i...
CVE-2024-6670
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...
CVE-2024-6671
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...
WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in WhatsUp Gold version 2024.0.0, which...
Progress WhatsUp Gold < 24.0.0 Multiple Vulnerabilities (000263015)
The version of Progress WhatsUp Gold installed on the remote host is prior to 24.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the 000263015 advisory: - In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQ...
PT-2024-9442 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.0 Description: The issue is related to a SQL Injection vulnerability in WhatsUp Gold, which can be exploited by an unauthenticated attacker to retrieve a user's encrypted password. The vulnerability is...
CVE-2024-35341
Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...
CVE-2024-35341
Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...
PT-2024-26442 · Anpviz · Anpviz
Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower Description: The issue allows unauthenticated users to download the running configuration of the device via a HTTP GET request to "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...
CVE-2024-29959
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...