19 matches found
EUVD-2020-25266
Malware in sbrugna...
EUVD-2024-33531
Malicious code in bioql PyPI...
EUVD-2025-6437
Malicious code in bioql PyPI...
EUVD-2022-43895
Malicious code in bioql PyPI...
CVE-2020-4001
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack...
CVE-2025-27594
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...
CVE-2025-27594
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...
CVE-2025-27594
The CVE-2025-27594 entry concerns the SICK DL100-2xxxxxxx series where a proprietary protocol transmits configuration data and authenticates devices without encryption. The underlying issue is the unencrypted protocol, which can allow an attacker to intercept the authentication hash and perform a...
CVE-2025-27594 Unencrypted transmission of password hash
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack...
CVE-2024-12012
A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage...
CVE-2024-12012
A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage...
CVE-2024-12012
CVE-2024-12012 affects Nozomi Networks TCP/IP Gateway (firmware 12h). The flaw stems from CWE-598: GET requests carrying sensitive query strings leak the SHA-1 password hash and session tokens via the URL, enabling information leakage and potential bypass of authentication (pass-the-hash). Affect...
‘RockYou2024’: Nearly 10 billion passwords leaked online
On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename,...
PT-2022-25422 · Wavlink · Wavlink Quantum D4G
Name of the Vulnerable Software and Affected Versions: WAVLINK Quantum D4G WN531G3 versions M31G3.V5030.200325 and earlier Description: The issue arises because the WAVLINK Quantum D4G WN531G3 communicates over HTTP instead of HTTPS, and its hashing mechanism does not rely on a server-supplied ke...
CVE-2020-4001
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack...
CVE-2020-4001
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack...
CVE-2020-4001
The CVE-2020-4001 issue affects VMware SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x, due to default credentials that may enable a Pass-the-Hash attack. The vulnerability is documented in VMware’s advisory VMSA-2020-0025 and is corroborated by related Red Hat/NVD entries. Impact is described as a h...
VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)
3a. SQL injection vulnerability due to improper input validation CVE-2020-3984 The SD-WAN Orchestrator does not apply correct input validation which allows for SQL-injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...
Microsoft Office SMB Information Disclosure
Vulnerability Summary The following advisory describes an information disclosure found in Microsoft Office versions 2010, 2013, and 2016. Microsoft Office is: “Whether you’re working or playing, Microsoft is here to help. We’re the company that created Microsoft Office, including Office 365 Home,...