CVE-2022-28167

Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log...

CVE-2022-28167

Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log...

Cross site request forgery (csrf)

CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to make a request to extract the victim's password for the OS...

PT-2019-13827 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions 0.9.8.856 through 0.9.8.864 Description: The issue allows an attacker to obtain a victim's session file name from the /tmp directory and the victim's token value from /usr/local/cwpsrv/logs/access log. This informati...

CVE-2019-13539

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

Design/Logic Flaw

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

CVE-2019-13539

CVE-2019-13539 affects Medtronic Valleylab FT10 and FX8 platforms (Exchange Client v3.4 and below; FT10 v4.0.0 and below; FX8 v1.1.0 and below) due to the use of the descrypt OS password hashing (CWE-328). The issue enables an attacker who can access the device to obtain local shell access and re...