Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/03 12:30 a.m.15 views

EUVD-2026-34042

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS5.8AI score0.00178EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 10:9 p.m.37 views

CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS0.00178EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:9 p.m.9 views

CVE-2026-25861

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...

8.2CVSS5.8AI score0.00178EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2021-0325)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.00431EPSS
Exploits0References5
Amazon
Amazon
added 2020/10/27 12:0 a.m.25 views

Low: libosinfo

Issue Overview: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing...

7.8CVSS6.3AI score0.00431EPSS
Exploits0
OSV
OSV
added 2020/10/20 2:15 p.m.5 views

CVE-2020-6369

SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of th...

5.9CVSS6.8AI score0.02647EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/11/05 9:14 p.m.4 views

Libosinfo: osinfo-install-script option leaks password via command line argument

A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing...

7.8CVSS5.7AI score0.00431EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2019/07/08 6:52 a.m.17 views

CVE-2019-13313

A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing...

7.8CVSS4.1AI score0.00431EPSS
Exploits0References4
OSV
OSV
added 2019/06/17 7:15 p.m.6 views

CVE-2019-7579

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to...

7.5CVSS5.8AI score0.01807EPSS
Exploits1References2
Rows per page
Query Builder