
20 matches found

ATTACKERKB
added 2026/05/27 3:24 p.m. | 4 views

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

5.9 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-2991

Malware in sbrugna...

5.5 CVSS | 5.6 AI score | 0.00027 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2011-4361

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.00232 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-2551

Malware in sbrugna...

5.8 CVSS | 6.4 AI score | 0.0176 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/09/19 12:31 p.m. | 4 views

CVE-2025-53884

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to a rainbow table attack, an offline attack where hashes of known passwords are precomputed...

5.3 CVSS | 6.6 AI score | 0.00035 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 10:36 a.m. | 2 views

CVE-2024-47182

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...

7.5 CVSS | 6.7 AI score | 0.00199 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 4:47 a.m. | 4 views

CVE-2012-3886

AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack...

5 CVSS | 6.8 AI score | 0.0025 EPSS
Exploits 1 | References 1
Veracode
added 2024/10/15 8:13 a.m. | 4 views

Rainbow Table Attack

github.com/amir20/dozzle is vulnerable to Rainbow Table Attack. The vulnerability is due to the use of sha-256 for password hashing, which is less secure than bcrypt and allows an attacker to easily reverse hashed passwords using rainbow tables...

7.5 CVSS | 6.8 AI score | 0.00199 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/08/02 6:16 p.m. | 0 views

CVE-2024-38881

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords...

7.5 CVSS | 5.9 AI score
Exploits 0 | References 4
Veracode
added 2021/05/25 9:31 a.m. | 8 views

Insecure Cryptographic Functions

github.com/moov-io/customers uses an insecure cryptographic function. An attacker is able to exploit the vulnerability by using a rainbow table attack on the system. The vulnerability exists due to a probability of a lack of uniqueness in the complexity of the hash function...

2.6 AI score
Exploits 0
OSV
added 2021/05/24 5:0 p.m. | 13 views

GHSA-G636-Q5FC-4PR7 accounts: Hash account number using Salt

@alovak found that currently when we build hash of account number we do not "salt" it. Which makes it vulnerable to rainbow table attack. What did you expect to see? I expected salt some random number from configuration to be used in hash.AccountNumber. I would generate salt per tenant at least...

7 AI score
Exploits 0 | References 1
Prion
added 2018/05/16 3:29 p.m. | 12 views

Design/Logic Flaw

DISPUTED An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid...

4 CVSS | 7 AI score | 0.00155 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2018/05/16 3:0 p.m. | 17 views

CVE-2018-11209

An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...

7.1 AI score | 0.00155 EPSS
Exploits 1 | References 2
CNVD
added 2018/05/14 12:0 a.m. | 2 views

heinekingmedia StashCat Password Attack Vulnerability

heinekingmedia StashCat for Android is an Android-based enterprise communication software from the German company heinekingmedia. heinekingmedia StashCat suffers from a password attack vulnerability that stems from user passwords being hashed directly with SHA-512. By exploiting this vulnerabilit...

5.9 CVSS | 6.1 AI score | 0.00136 EPSS
Exploits 0 | References 1
Prion
added 2017/08/01 2:29 p.m. | 9 views

Authentication flaw

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for...

4.3 CVSS | 5.8 AI score | 0.00136 EPSS
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2017/03/01 12:0 a.m. | 1 views

Dahua DHI-HCVR7216A-S3 Information Disclosure Vulnerability (CNVD-2017-02590)

Dahua DHI-HCVR7216A-S3 is a network DVR product from the Chinese company Dahua. A security vulnerability exists in the web interface of NVR firmware version 3.210.0001.10, Camera firmware version 2.400.0000.28.R and SmartPSS software version 1.16.1 in Dahua DHI-HCVR7216A-S3 devices. A remote attacker can...

10 CVSS | 6.8 AI score | 0.00353 EPSS
Exploits 6 | References 1
Prion
added 2012/07/26 10:55 p.m. | 16 views

Code injection

AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack...

5 CVSS | 6.9 AI score | 0.0025 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2012/07/26 10:0 p.m. | 15 views

CVE-2012-3886

AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack...

6.4 AI score | 0.0025 EPSS
Exploits 1 | References 2
CVE
added 2012/07/26 10:0 p.m. | 50 views

CVE-2012-3886

AirDroid 1.0.4 beta is affected by a cryptography weakness where MD5 is used for data in the checklogin parameter and the 7bb cookie. This allows an attacker on the same LAN to potentially recover sensitive data (cleartext) via sniffing the local wireless network and performing brute-force or rai...

5 CVSS | 6.6 AI score | 0.0025 EPSS
Exploits 1 | References 2 | Affected Software 1
The Hacker News
added 2011/02/16 4:59 p.m. | 7 views

Lessons to learn from the HBGary Federal hack !

The Anonymous attack on HBGary may have amused some who enjoyed the sight of a security firm left embarrassed and exposed, but it should send a shiver down the spine of any IT administrator responsible for securing their own company. Because can you honestly put your hand on your heart and say a...

6.9 AI score
Exploits 0