WordPress Download Manager - File Password Exposure
The WordPress Download Manager plugin contains a vulnerability that allows attackers to obtain passwords for password-protected downloads by sending a specially crafted request to the validate-password API endpoint. id: CVE-2023-6421 info: name: WordPress Download Manager - File Password Exposure...
EUVD-2022-38063
Malicious code in bioql PyPI...
CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through 3.2.82...
Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works...
WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability
File Password Lock Bypass vulnerability discovered by Liu Shaohong (Patchstack Alliance) in WordPress Plugin Download Manager versions <= 3.2.82...
Alpha Innotec Heatpumps Encryption Issues Vulnerabilities
Alpha Innotec Heatpumps is a heat pump from Alpha Innotec. A cryptographic issue vulnerability exists in Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 version and Novelan Heatpumps wp2reg-V.3.88.0-9015 version. A remote attacker could use this vulnerability to execute arbitrary code via the passwo...
PT-2024-1304 · Alpha Innotec +1 · Alpha Innotec Heatpumps +1
Name of the Vulnerable Software and Affected Versions: Alpha Innotec Heatpumps versions prior to V2.88.3; Alpha Innotec Heatpumps versions prior to V3.89.0; Alpha Innotec Heatpumps versions prior to V4.81.3; Novelan Heatpumps versions prior to V2.88.3; Novelan Heatpumps versions prior to V3.89.0...
CVE-2023-2790
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255B20211224. Affected is an unknown function of the file /squashfs-root/etcro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the...
PT-2021-11: Possibility to access file 00000001.SYP with file password mechanism enabled in the FX5U(C) CPU and FX5UJ CPU modules
The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the storage of sensitive information in open form. Exploiting the vulnerability may allow an attacker, provided that the file password mechanism is enabled, to gain access to file...
Zydra - File Password Recovery Tool And Linux Shadow File Cracker
Zydra is a file password recovery tool and Linux shadow file cracker. It uses dictionary search or brute force to crack passwords. Supported files: RAR files, legacy ZIP files, PDF files, Linux shadow files. Zydra can find all the user’s password in the Linux shadow file one after the...
PT-2017-17998 · Hikvision · Hikvision Ds-2Cd2Xx2F-I Series +5
Name of the Vulnerable Software and Affected Versions: Hikvision DS-2CD2xx2F-I Series versions V5.2.0 build 140721 through V5.4.0 build 160530; Hikvision DS-2CD2xx0F-I Series versions V5.2.0 build 140721 through V5.4.0 Build 160401; Hikvision DS-2CD2xx2FWD Series versions V5.3.1 build 150410 throug...
EUVD-2006-1416
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...