25 matches found
EUVD-2009-2083
Malware in sbrugna...
EUVD-2006-3779
Malware in sbrugna...
EUVD-2013-7063
Malware in sbrugna...
CVE-2025-24007
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System MSS All versions, SIRIUS Safety Relays 3SK2 All versions. Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection again...
CVE-2025-24007
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System MSS All versions, SIRIUS Safety Relays 3SK2 All versions. Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection again...
Siemens SIRIUS 3RK3 Modular Safety System和Siemens SIRIUS Safety Relays 3SK2 加密问题漏洞
Siemens SIRIUS 3RK3 Modular Safety System and Siemens SIRIUS Safety Relays 3SK2 are both products of Siemens, Germany.Siemens SIRIUS 3RK3 Modular Safety System is a modular Siemens SIRIUS Safety Relays 3SK2 is a safety relay. Siemens SIRIUS 3RK3 Modular Safety System and Siemens SIRIUS Safety...
CVE-2024-52884
An issue was discovered in AudioCodes Mediant Session Border Controller SBC before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports INI is able to decrypt the passwords...
WebNMS Framework Server Credential Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Credential Disclosure', 'Description' = %q This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extra...
AZL-36943 CVE-2023-33187 affecting package highlight 4.18-1
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...
SUSE CVE-2009-2087
The Web Services functionality in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...
sos bug fix and enhancement update
An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sos package contains a set of utilities that gather information from system...
CVE-2021-29043
The CVE-2021-29043 issue affects Liferay Portal/DXP: Portal Store module versions 7.0.0–7.3.5 (and Liferay DXP 7.0 prior to fix pack 97, 7.1 prior to fix pack 21, 7.2 prior to fix pack 10, 7.3 prior to fix pack 1) do not obfuscate the S3 store proxy password. This enables an attacker to harvest t...
Twonky Server < 8.5.2 Multiple Vulnerabilities
Twonky Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lynxtechnology:twonkyserver";...
CVE-2021-3130
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible...
CVE-2019-13023
Bond JetSelect (all versions) exposes credentials through the web UI: RADIUS secrets, WPA passwords, and SNMP strings hidden with HTML password-field obfuscation can be revealed by using browser Dev Tools to modify the obfuscation. The root cause is client-side password masking rather than server...
CVE-2016-6602
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit...
Specify logging level to Prevent Root DEBUG from Exposing Login
h3. Summary Setting root level DEBUG can expose login information username/pw when JIRA is connected to Crowd for user management, as it outputs the REST POST contents that are transmitted through the HttpClient. h3. Environment Crowd integrated with JIRA for user management. h3. Steps to Reprodu...
CVE-2012-1793: PCWELT PcwRunAsGui and PcwRunAs information disclosure
The CVE-2012-1793 entry concerns PC-Welt’s PcwRunAsGui and PcwRunAs. A design flaw in the password obfuscation allows a local attacker to recover or decrypt passwords encrypted by pcwRunAsGui.exe, effectively exposing sensitive credentials from the RunAs workflow. The PacketStorm entry classifies...
CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass
Severity: Important Versions Affected: 2.0.0.RELEASE to 2.0.5.SR01 2.1.0.RELEASE to 2.1.1.SR01 Description: tc Server allows users to store the passwords used for JMX authentication in an obfuscated form for organizations where storing passwords in plain text is not permitted. The JMX...
IBM WebSphere Application Server 7.0 < Fix Pack 5
IBM WebSphere Application Server 7.0 before Fix Pack 5 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. PK73246 - If the admin console is directly accessed from HTTP, the console fails to redirect t...