15 matches found
CVE-2025-52026
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 ...
EUVD-2015-1003
Malware in sbrugna...
EUVD-2008-1883
Malware in sbrugna...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...
CVE-2015-0995
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...
Default credentials
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...
CVE-2013-5097
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, a...
Design/Logic Flaw
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, a...
sebraccms-sql.txt
Name: SebracCMS Webiste: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitazed POST-variables in SQL queries when logging users in. This allows login access without prop...
Design/Logic Flaw
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string...
CVE-2008-1883
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string...
Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== Nodez = 4.6.1.1 Mercury Multiple Remote Vulnerabilities ======================================================== !/usr/bin/php -q -d shortopentag=on ? echo "Nodez 4.6.1.1 Mercury...
CVE-2006-0370
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...
Improper access control
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...
CVE-2006-0370
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...