Hardcoded credentials
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...
CVE-2019-3908
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...
CVE-2019-3908
CVE-2019-3908 affects Premisys Identicard v3.1.190, where backups are stored as encrypted zip files with a hard-coded, non-changeable password, so anyone who can access the backups can decrypt them. The ICSA/ICS-CERT advisory confirms the vulnerability class and that versions prior to 4.2 are affected; mitiga...
PT-2019-16763 · Premisys · Premisys Identicard
Name of the Vulnerable Software and Affected Versions: Premisys Identicard version 3.1.190 Description: The issue concerns the storage of backup files as encrypted zip files with a hard-coded and unchangeable password. This allows an attacker with access to these backups to decrypt them and obtai...
[SECURITY] Fedora 29 Update: openssh-7.9p1-3.fc29
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
Portier SQL Injection Vulnerability
Portier is an access rights management application. A SQL injection vulnerability exists in Portier versions 4.4.4.2 and 4.4.4.6, which stems from the program failing to validate user input and can be exploited by remote attackers to execute SQL commands and steal encrypted passwords from super...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service. Swapping encrypted volumes can allow an attacker to corrupt the LUKS header on the compute host, causing a denial of service condition...
Information Disclosure
kernel-rt is vulnerable to information disclosure attacks. The vulnerability exists through an information disclosure vulnerability in the Upstream kernel encrypted-key...
Denial Of Service (DoS)
kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to...
Privilege Escalation
cfme is vulnerable to privilege escalation. A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated,...
PT-2019-2581 · Python +6 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions 2.7.11 through 3.6.6 Description: The issue is related to a denial-of-service vulnerability in the X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of...
Nextcloud: Stored XSS/HTML injection in autocomplete suggestions for sharing
encrypted report, see attached GnuPG file. I tried to send this by mail, but [email protected] told me that I'm forced sic! to signup here. Please use 7F40 5A4F FAA3 F51B FEFD EE2F CE82 B2C8 6DCE BB9F to contact me. Impact encrypted report, see attached GnuPG file...
CVE-2018-16187
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2...
Information Disclosure
rails-session-decoder is vulnerable to information disclosure. A lack of verification of the Message Authentication Code that is appended to the cookies could allow an attacker to decrypt encrypted data containing confidential information...
BSA-2018-746
Security Advisory ID: BSA-2018-746 Component: Servlet Revision: 1.0: Initial A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted (not hashed) password of the systems. The...
CVE-2018-19233
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...
PYSEC-2018-35
aio-libs aiohttp-session version 2.6.0 and earlier contains an Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in non-expiring sessions / infinite lifespan. This attack appears to be exploitable via recreation of a cookie post-expiry with the same value...
Telnet Unencrypted Cleartext Login
The remote host is running a Telnet service that allows cleartext logins over unencrypted connections. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
BSA-2018-743
Security Advisory ID: BSA-2018-743 Component: Hard-coded Credentials Revision: 3.1: Final A vulnerability in Brocade Network Advisor could allow an unauthenticated, remote attacker to log into the JMX Console of an affected system using undocumented user credentials. The vulnerability is du...