
18 matches found

Nuclei
added 2 days ago, 48 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

CVSS 5.3, AI score 6, EPSS 0.84076
Exploits 6, References 5
GithubExploit
added 4 days ago, 56 views

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CVE-2019-9053 — Unauthenticated SQL Injection in CMS Made Simp...

CVSS 8.1, AI score 7.3, EPSS 0.92556
Exploits 35
Veracode
added 2024/07/24 9:43 a.m., 13 views

Improper Authorization

Streampark is vulnerable to Improper Authorization. The vulnerability is due to the Backend service returning "Authorization" as the front-end authentication credential upon successful login, allowing users to request other users' information, including the administrator's username, password, and...

CVSS 5.9, AI score 7, EPSS 0.0008
Exploits 0, References 3, Affected Software 1
Kitploit
added 2023/12/06 11:30 a.m., 32 views

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features: wordlist-based password cracking; brute force password cracking; support for multiple hash...

AI score 7.6
Exploits 0, References 2
Code423n4
added 2023/10/11 12:0 a.m., 8 views

Hash Collisions and Front-Running Risk

Lines of code Vulnerability details Salt Value in Proxy Deployment: The contract uses a salt value of 0 during the deployment of proxy delegator contracts. This introduces a significant security concern related to potential hash collisions. If multiple delegators attempt to deploy to the same...

AI score 7.1
Exploits 0
NVD
added 2023/04/04 2:15 a.m., 10 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

CVSS 7.5, AI score 7.5, EPSS 0.00319
Exploits 1, References 1
Cvelist
added 2023/04/04 12:0 a.m., 14 views

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

AI score 7.7, EPSS 0.00319
Exploits 1, References 1
SUSE CVE
added 2023/02/15 5:36 a.m., 1 views

SUSE CVE-2013-4132

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is...

CVSS 5, AI score 6.9, EPSS 0.00832
Exploits 0, References 4
CNNVD
added 2021/11/09 12:0 a.m., 2 views

Ets5 Password Recovery Trust Management Issue Vulnerability

Ets5 Password Recovery is an open source Poc for CVE-2021-36799 by Robert Gutzkow Individual Developer. Ets5 Password Recovery suffers from a trust management issue vulnerability that stems from the software's use of the hard-coded password ETS5Password with a salt value of Ivan Medvedev, which...

CVSS 8.8, AI score 6.7, EPSS 0.00128
Exploits 1, References 2
OSV
added 2021/07/19 5:15 p.m., 1 views

CVE-2021-36799

KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 8.8, AI score 5.8
Exploits 0, References 3
NVD
added 2020/02/28 9:15 p.m., 8 views

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

CVSS 8.8, AI score 8.8, EPSS 0.00525
Exploits 0, References 1
Veracode
added 2019/05/02 5:2 a.m., 39 views

Sensitive Information Disclosure

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implemen...

CVSS 7.5, AI score 6.3, EPSS 0.5271
Exploits 2, References 6, Affected Software 2
Veracode
added 2019/05/02 5:2 a.m., 31 views

Arbitrary Command Execution

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implemen...

CVSS 7.5, AI score 6.3, EPSS 0.5271
Exploits 2, References 7, Affected Software 2
Veracode
added 2019/05/02 5:2 a.m., 27 views

Credential Disclosure Through A Brute Force Attack

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implemen...

CVSS 7.5, AI score 6.3, EPSS 0.5271
Exploits 2, References 7, Affected Software 2
OSV
added 2016/01/30 7:29 p.m., 4 views

SUSE-SU-2016:0290-1 Security update for ecryptfs-utils

This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems bsc962052 - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks bsc920160...

CVSS 8.4, AI score 8.2, EPSS 0.00518
Exploits 1, References 5
OSV
added 2016/01/25 4:34 p.m., 4 views

SUSE-SU-2016:0241-1 Security update for ecryptfs-utils

This update for ecryptfs-utils fixes the following issues: - CVE-2016-1572: A local user could have escalated privileges by mounting over special filesystems bsc962052 - CVE-2014-9687: A default salt value reduced complexity of offline precomputation attacks bsc920160...

CVSS 8.4, AI score 8.2, EPSS 0.00518
Exploits 1, References 5
RedHat Linux
added 2014/06/30 6:59 p.m., 70 views

Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix several security issues, multiple bugs, and add one enhancement are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...

CVSS 8.8, AI score 7.3, EPSS 0.5271
Exploits 2, References 7
myhack58
added 2012/11/30 12:0 a.m., 21 views

Empire CMS backstage password reset vulnerability-vulnerability warning-the black bar safety net

5.0 and previous versions: use phpmyadmin to modify the phomeenewsuser table, the password field is set to the value: e10adc3949ba59abbe56e057f20f883e The password is: 1 2 3 4 5 6 Version 5.1: use phpmyadmin to modify the phomeenewsuser table of the record: the password field value is set...

AI score 2.8
Exploits 0