364 matches found
CVE-2024-49396
CVE-2024-49396 affects Elvaco M-Bus Metering Gateway CMe3100 (version 1.12.1). The flaw is insufficiently protected credentials, enabling an attacker to impersonate Elvaco and send false information. Public documentation from CISA/ICSA notes remote exploitation with low attack complexity and prov...
Kieback&Peter DDC4000 Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kieback&Peter Equipment : DDC4000 Series Vulnerabilities : Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these...
PT-2024-33506 · Elvaco · Elvaco
Name of the Vulnerable Software and Affected Versions: Elvaco affected versions not specified Description: The issue arises from insufficiently protected credentials, potentially allowing an attacker to impersonate Elvaco and send false information. Recommendations: At the moment, there is no...
CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...
CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...
Hughes Network Systems WL3000 Fusion Software
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : Hughes Network Systems Equipment : WL3000 Fusion Software Vulnerabilities : Insufficiently Protected Credentials, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these...
Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure
Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Credit: Gionathan Armando Reale...
CVE-2024-7813
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials...
CVE-2024-7813 SourceCodester Prison Management System Profile Image insufficiently protected credentials
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials...
CVE-2024-7813
CVE-2024-7813 affects SourceCodester Prison Management System 1.0, specifically the Profile Image Handler via /uploadImage/Profile/. The issue arises from unknown processing of the profile image file, leading to credentials that are insufficiently protected. Exploitation is possible remotely and ...
CVE-2024-4228
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO Single Sign On allows SQL Injection. This issue...
CVE-2024-4228 SQLi in Magarsus Consultancy's SSO
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO Single Sign On allows SQL Injection. This issue...
CVE-2024-4228 SQLi in Magarsus Consultancy's SSO
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO Single Sign On allows SQL Injection. This issue...
CVE-2024-38285 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools...
Exploit for Insufficiently Protected Credentials in Kyocera Net_Viewer
kygocera CVE-2022-1026 Improved Golang Version of Rapid7 PoC...
CVE-2024-5176
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior...
CVE-2024-5176 Vulnerability in Welch Allyn Configuration Tool Software
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior...
CVE-2024-5176 Vulnerability in Welch Allyn Configuration Tool Software
Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior...
Baxter Welch Allyn Configuration Tool
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable remotely Vendor : Baxter Equipment : Welch Allyn Configuration Tool Vulnerability : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the unintended exposure of...
Westermo EDW-100
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : EDW-100 Vulnerabilities : Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...