362 matches found

AstraLinux
added 2024/11/23 3:4 a.m. · 1 views

Astra Linux - vulnerability in cloud-init

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege...

CVSS 5.5 · AI score 7 · EPSS 0.0004
Exploits 0 · References 2

Amazon
added 2024/11/15 12:0 a.m. · 11 views

Medium: cloud-init

Issue Overview: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. CVE-2023-1786 Affected Packages: cloud-init Note: This advisory is applicable to Amazon Linux 2 AL2...

CVSS 5.5 · AI score 6 · EPSS 0.0004
Exploits 0

Vulnrichment
added 2024/10/23 1:46 p.m. · 20 views

CVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

CVSS 4.7 · AI score 6.5 · EPSS 0.00042
Exploits 0 · References 5

Hacker One
added 2024/10/17 12:25 p.m. · 27 views

Mars: Insecure API Response Leads to Disclosure of Hashed Passwords

A security vulnerability was identified in the API of ████████. The endpoint ████████ was found to return sensitive user information, including hashed passwords, in its response. This exposure presented a significant security risk, as it potentially allowed unauthorized access to user credentials...

AI score 6.9
Exploits 0

VulnCheck KEV
added 2024/09/14 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

CVSS 9.8 · AI score 5.9 · EPSS 0.84253
Exploits 1 · References 1

Packet Storm
added 2024/08/31 12:0 a.m. · 146 views

Pimcore Gather Credentials via SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pimcore Gather Credentials via SQL Injection', 'Description' = %q This module extracts the usernames and hashed passwords of all users of the...

CVSS 6.5 · AI score 7 · EPSS 0.01507
Exploits 7

OSV
added 2024/07/25 8:15 p.m. · 0 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

CVSS 9.8 · AI score 5.9 · EPSS 0.84253
Exploits 1 · References 2

NVD
added 2024/07/25 8:15 p.m. · 14 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

CVSS 9.8 · EPSS 0.84253
Exploits 1 · References 2

Positive Technologies
added 2024/07/25 12:0 a.m. · 2 views

PT-2024-27927 · R Hub · R-Hub Turbomeeting

Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions through 8.x Description: A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint allows unauthenticated remote attackers to extract hashed passwords from the database and authenticate to th...

CVSS 9.8 · AI score 8.2 · EPSS 0.84253
Exploits 1 · References 6

CVE
added 2024/07/25 12:0 a.m. · 75 views

CVE-2024-38289

TurboMeeting (R-HUB) versions through 8.x are affected by a boolean-based SQL injection in the Virtual Meeting Password (VMP) endpoint. The issue allows unauthenticated remote attackers to extract hashed passwords and authenticate via crafted SQL input. Affected software: RHUB TurboMeeting (up to...

CVSS 9.8 · AI score 8.4 · EPSS 0.84253
In wild · Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/07/25 12:0 a.m. · 19 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

AI score 8.1 · EPSS 0.84253
Exploits 1 · References 2

Cvelist
added 2024/07/25 12:0 a.m. · 17 views

CVE-2024-38289

A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input...

EPSS 0.84253
Exploits 1 · References 2

Malwarebytes
added 2024/07/08 10:13 a.m. · 14 views

‘RockYou2024’: Nearly 10 billion passwords leaked online

On a popular hacking forum, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename,...

AI score 7.7
Exploits 0

Tenable Nessus
added 2024/06/03 12:0 a.m. · 20 views

RHEL 6 : pam (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: path traversal issue in pam_timestamp's format_timestamp_name (CVE-2014-2583) - The pam_userdb module for...

CVSS 4.7 · AI score 6.1 · EPSS 0.02605
Exploits 2 · References 3

Tenable Nessus
added 2024/06/03 12:0 a.m. · 18 views

RHEL 5 : pam (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: DoS/user enumeration due to blocking pipe in pam_unix module (CVE-2015-3238) - The pam_userdb module for...

CVSS 4.7 · AI score 7.1 · EPSS 0.0303
Exploits 3 · References 4

NVD
added 2024/04/10 7:15 p.m. · 9 views

CVE-2024-31464

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it'...

CVSS 6.8 · AI score 6.5 · EPSS 0.00202
Exploits 0 · References 5

Veracode
added 2024/03/26 11:17 a.m. · 22 views

Sensitive Information Disclosure

Liferay Portal is vulnerable to Sensitive Information Disclosure. This vulnerability is due to improper handling of hashed passwords within the page source...

CVSS 6.5 · AI score 6.7 · EPSS 0.00183
Exploits 0 · References 1 · Affected Software 4

CNNVD
added 2024/02/13 12:0 a.m. · 1 views

TYPO3 Information Disclosure Vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) from the TYPO3 Association in Switzerland. An information disclosure vulnerability exists in TYPO3 versions 8.0.0-8.7.56, 9.0.0-9.5.45, 10.0.0-10.4.42, 11.0.0-11.5.34, 12.0.0-12.4.10, and 13.0.0, which stems from the...

CVSS 6.5 · AI score 6.4 · EPSS 0.00508
Exploits 0 · References 3

Tenable Nessus
added 2024/01/16 12:0 a.m. · 24 views

EulerOS Virtualization 3.0.6.0 : cloud-init (EulerOS-SA-2023-3422)

According to the versions of the cloud-init package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. Th...

CVSS 5.5 · AI score 6.1 · EPSS 0.0004
Exploits 0 · References 3

Tenable Nessus
added 2024/01/16 12:0 a.m. · 17 views

EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2023-2855)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...

CVSS 5.5 · AI score 6.2 · EPSS 0.0004
Exploits 0 · References 3