Lucene search

67 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-12506

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 5.7 | EPSS 0.00105
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-40553

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00054
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/09 3:32 a.m. | 3 views

CVE-2025-7214 FNKvision FNK-GU2 MD5 shadow risky encryption

A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the...

CVSS 1.6 | AI score 6.9 | EPSS 0.00041
Exploits: 0 | References: 4

NVD
added 2023/07/03 8:15 p.m. | 9 views

CVE-2023-36608

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...

CVSS 6.5 | AI score 6.7 | EPSS 0.00054
Exploits: 0 | References: 1

Prion
added 2023/07/03 8:15 p.m. | 12 views

Code injection

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...

CVSS 4 | AI score 6.7 | EPSS 0.00054
Exploits: 0 | References: 1 | Affected Software: 5

CVE
added 2023/07/03 7:55 p.m. | 26 views

CVE-2023-36608

CVE-2023-36608 concerns the use of MD5 to hash stored passwords in Ovarro TBox RTUs. The root cause is an insecure cryptographic algorithm for password storage, affecting multiple TBox firmware lines (e.g., MS-CPU32, MS-CPU32-S2, LT2, TG2, RM2) with versions listed up to 1.50.598 and prior for so...

CVSS 6.5 | AI score 6.5 | EPSS 0.00054
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/07/03 7:55 p.m. | 12 views

CVE-2023-36608

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm...

CVSS 6.5 | AI score 7 | EPSS 0.00054
Exploits: 0 | References: 1

CNVD
added 2023/05/31 12:0 a.m. | 12 views

MeterSphere Denial of Service Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere 2.9.1 and previous versions have a denial of service vulnerability. The vulnerability stems from the submission of a very long password during login, which will force the system to perform a long...

CVSS 6.5 | AI score 6.4 | EPSS 0.01356
Exploits: 1 | References: 1

Prion
added 2023/05/30 7:15 p.m. | 11 views

Design/Logic Flaw

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

CVSS 4 | AI score 6.4 | EPSS 0.01356
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/05/30 6:59 p.m. | 14 views

CVE-2023-32699 MeterSphere denial of service vulnerability

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

CVSS 6.5 | AI score 6.5 | EPSS 0.01356
Exploits: 1 | References: 4

CVE
added 2023/05/30 6:59 p.m. | 44 views

CVE-2023-32699

MeterSphere is affected by a denial-of-service vulnerability in versions up to 2.9.1. The issue arises when a user submits an excessively long password during login, triggering the MD5-based password hashing (CodingUtil.md5) to run for the long password and exhaust server CPU/memory, potentially ...

CVSS 6.5 | AI score 6.4 | EPSS 0.01356
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/05/30 6:59 p.m. | 6 views

CVE-2023-32699 MeterSphere denial of service vulnerability

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

CVSS 6.5 | AI score 7 | EPSS 0.01356
Exploits: 1 | References: 2

Cvelist
added 2023/05/30 6:59 p.m. | 12 views

CVE-2023-32699 MeterSphere denial of service vulnerability

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

CVSS 6.5 | AI score 6.6 | EPSS 0.01356
Exploits: 1 | References: 2

Packet Storm
added 2021/07/07 12:0 a.m. | 374 views

Online Covid Vaccination Scheduler System 1.0 SQL Injection

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection Date: 2021-07-07 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score 0.7
Exploits: 0

Hacker One
added 2020/06/11 5:9 a.m. | 160 views

h1-ctf: [H1-2006 2020] Bounty Pay CTF challenge

H1-2006 2020 Bounty Pay CTF challenge Hi there! This is my H1-2006 CTF writeup submission. First of all, thanks for the great challenge! This was my first H1 CTF that I played. I really enjoyed doing it and I learned new things solving this challenge. In my case, it was the demonstration that I...

AI score 6.9
Exploits: 0

seebug.org
added 2017/09/25 12:0 a.m. | 28 views

youke365_SQL_Injection#1

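Youke365 v2.9 has a SQL injection in the admin backend that can lead to disclosure of the backend administrator's account and password. 1. A disaster caused by a single quote: the table name dirusers and some column names are revealed. 2. Source code audit: the problematic code is in .\module\login.php, where input is not handled rigorously. According to the figure above, testing shows that the username can be bypassed with 1' or '1'='1. The password is MD5-encrypted, so it cannot be bypassed so simply. 3. SQL injection: MD5-decrypting the extracted password yields the administrator password. Of course, the administrator account can be brute-forced along the way as well. (So there are two ways to pass administrator account authentication.) 4. Happily log in to the backend. Finally, the payload is attached: payload = ' and select 1 fromselect...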

AI score 7.1
Exploits: 0

myhack58
added 2015/02/26 12:0 a.m. | 27 views

A common Site Management System any user login/SQL injection/GetShell vulnerabilities source code analysis-vulnerability warning-the black bar safety net

Brief description: This system is not open source, most of the universities in use, turn the source off at the next Detailed description: 0x00 General case: code area Manufacturer: Rio Tinto tech Official website: http://www.ltpower.net/ The main is to do the educational products of the...

AI score 7.2
Exploits: 0

seebug.org
added 2014/11/21 12:0 a.m. | 20 views

Multiple design flaws in PageAdmin allow getshell

Brief description: rt Detailed description: text3 = now.AddSecondsdoublerandom.Next3600, 86164.ToString"yyyyMMddHHmmss"; masterlogin.imMAPgbr7QUplCu6n3ehttpCookie.Add"Valicate", masterlogin.sxW4jRbFsutFEAxed8Smd, text3; On successful administrator login, SetCookie takes the login time plus a random number of seconds between (3600, 86164) and runs it through GetMd5. public string GetMd5string s MD5 mD = new...

AI score 7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

OFFL <= 0.2.6 (teams.php fflteam) Remote SQL Injection Vulnerability

No description provided by source. -+================================================================================+- -+ OFFL = 0.2.6 Remote SQL Injection Vulnerability +- -+================================================================================+- Discovered By: t0pP8uZz Discovered On:...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability

No description provided by source. =================================================================== PHP-Fusion = 6.01.15.4 downloads.php SQL Injection Vulnerability =================================================================== + Discovered By : Inj3ct0r + Site : Inj3ct0r.com + support...

AI score 7.1
Exploits: 0