9 matches found
Cerebrate 信息泄露漏洞
Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...
PT-2026-7888
Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...
CVE-2025-64061
Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level including standard or low-privileged users, can make a GET request to this endpoint and retrieve a...
CVE-2025-57433
The CVE-2025-57433 entry concerns the 2wcom IP-4c device (version 2.15.5). A vulnerability in the web interface allows information disclosure via a crafted POST to /cwi/ajax_request/get_data.php. An authenticated user, even with low privileges (e.g., guest), can retrieve hashed passwords for admi...
Ibermática RPS 2019 Log Information Disclosure Vulnerability
Ibermática RPS 2019 is an ERP software from Ibermática. Ibermática RPS 2019 suffers from a log message disclosure vulnerability that originates from an attacker being able to download a log file that contains a password hash encoded using the AES-CBC-128 bit algorithm, which can be decrypted usin...
SUSE CVE-2019-3700
yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger...
CVE-2022-0652
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710...
The vulnerability of the Windows operating system’s network authentication protocol, NT LAN Manager (NTLM), allows a hacker to access user password hashes.
The vulnerability of the Windows operating system’s Network Authentication Protocol NTLM exists due to the incorrect implementation of the NTLM authentication algorithm. Exploiting this vulnerability allows a malicious actor to obtain access to user password hashes through a specially crafted SCF...
CVE-2009-0250
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password...