5 matches found
in erikdubbelboer/phpredisadmin
Description $response is a salted md5 hash generated based on the concatenated hashed of credentials with other parameters. It has been discovered that $response compares with $data'response' using comparison operator != in file login.inc.php. This might cause unexpected behavior due to type...
ManageEngine DeviceExpert 5.9 - User Credential Disclosure
No description provided by source. User credential disclosure in ManageEngine DeviceExpert 5.9 Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Background on the affected product: "DeviceExpert is a...
ManageEngine DeviceExpert 5.9 - User Credential Disclosure
Exploit for php platform in category web applications User credential disclosure in ManageEngine DeviceExpert 5.9 Discovered by Pedro Ribeiro email protected, Agile Information Security ========================================================================== Background on the affected product:...
ManageEngine DeviceExpert 5.9 Credential Disclosure
Hi, You can read the usernames and MD5 hashed passwords of all the users in the Device Expert application by sending an unauthenticated request. I am releasing this as a 0 day as ManageEngine have responded that they do not consider this a priority and won't fix it in the near future unless a...
D-Link - Captcha Bypass
D-Link Captcha Bypass ------------------------------------- D-Link released new firmware designed to protect against malware that alters DNS settings by logging in to the router using default administrative credentials. There is a flaw in the captcha authentication system that allows an attacker ...