19 matches found
CVE-2023-49238
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...
PT-2025-16270 · Ibm · Ibm Aspera Console
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.4 Description: The issue allows passwords to be reused when a new user logs into the system. Recommendations: For IBM Aspera Console versions 3.4.0 through 3.4.4, consider implementing a password...
CVE-2024-37893 MFA bypass in oauth flow in Firefly III
Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...
CVE-2024-37893
Firefly III Vulnerability (CVE-2024-37893): A MFA bypass in the Firefly III OAuth flow could allow an attacker to bypass MFA and access data via password spraying, leveraging compromised passwords from other sources. Attackers could enumerate OAuth applications (due to incrementing IDs) to target...
PT-2023-27229 · Arris · Arris Dg860A +1
Name of the Vulnerable Software and Affected Versions: Arris DG860A affected versions not specified Arris DG1670A affected versions not specified Description: The devices have predictable default WPA2 PSKs, which could lead to unauthorized remote access. They use the first 6 characters of the SSI...
Swift Sensors Gateway device password generation authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Version...
Admin password re-use. Don’t do it
As a pentester, one of the most disappointing sights to see on a test is extensive local admin password reuse. I know others get excited as it means easy pwnage of the network, but for me, it makes my job too straightforward. I want more of a challenge, particularly as resolving the local admin...
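The reuse the post complains about is easy to measure once you have credential material from several hosts: if the built-in Administrator (RID 500) has the same NT hash on more than one machine, one compromise gives you all of them. The following audit script is an added example, not code from the post or its author; it parses constructed sample text in the common `user:rid:lmhash:nthash:::` dump format (one string per host, with made-up hostnames; the shared hash is that of the string "password") and groups hosts by their RID-500 hash. It also flags accounts whose NT hash is the hash of the empty string.

```python
"""Spot local Administrator password reuse across hosts (added example).

Input is constructed sample text in the 'user:rid:lmhash:nthash:::' dump
format, one string per host. Hostnames and hashes are not from any real
engagement.
"""
import re
from collections import defaultdict

# Constructed sample: WS01, WS02 and WS03 share the RID-500 NT hash
# (the NT hash of "password"); SRV01 has a distinct one. WS03 is written
# in upper case to show that comparison must normalise case.
SAMPLE_DUMPS = {
    "WS01": (
        "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::\n"
        "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\n"
    ),
    "WS02": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::\n",
    "WS03": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846F7EAEE8FB117AD06BDD830B7586C:::\n",
    "SRV01": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:e19ccf75ee54e06b06a5907af13cef42:::\n",
}

LINE_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::"
)
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password


def parse_dump(text):
    """Yield (user, rid, nt_hash) for each well-formed line; hashes lower-cased."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("user"), int(m.group("rid")), m.group("nt").lower()


def shared_admin_hashes(dumps, rid=500):
    """Map each built-in admin NT hash seen on more than one host to those hosts.

    Matching on RID 500 rather than on the account name also catches a
    renamed Administrator account.
    """
    hosts_by_hash = defaultdict(list)
    for host, text in dumps.items():
        for _user, r, nt in parse_dump(text):
            if r == rid:
                hosts_by_hash[nt].append(host)
    return {nt: hosts for nt, hosts in hosts_by_hash.items() if len(hosts) > 1}


def blank_password_accounts(dumps):
    """(host, user) pairs whose NT hash is the hash of the empty string."""
    return [
        (host, user)
        for host, text in dumps.items()
        for user, _rid, nt in parse_dump(text)
        if nt == EMPTY_NT
    ]


if __name__ == "__main__":
    for nt, hosts in shared_admin_hashes(SAMPLE_DUMPS).items():
        print(f"NT hash {nt} reused on {len(hosts)} hosts: {', '.join(hosts)}")
    for host, user in blank_password_accounts(SAMPLE_DUMPS):
        print(f"{host}\\{user} has an empty password")
```

On a real engagement the per-host strings would come from whatever dumped the SAM; the grouping logic does not change.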
Baker Hughes Bently Nevada 3500
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bently Nevada, a Baker Hughes subsidiary Equipment: 3500 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This advisory was originally posted to the...
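"Use of Password Hash with Insufficient Computational Effort" (CWE-916) means the stored hash is cheap enough to brute-force once it leaks. The example below is added here and is not code from the advisory or the vendor; it contrasts an unsalted single-round SHA-256 with salted, iterated PBKDF2-HMAC-SHA256, shows the dictionary lookup that breaks the former, and includes the verify and rehash-policy checks a practitioner would want. The wordlist, passwords and iteration-policy constant are assumptions of the example (600,000 is OWASP's published figure for PBKDF2-HMAC-SHA256).

```python
"""Insufficient vs. adequate computational effort for password hashing.

Added example, not code from the advisory. Passwords and the wordlist
are constructed.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Assumed policy: OWASP's recommended PBKDF2-HMAC-SHA256 iteration count.
PBKDF2_ITERATIONS = 600_000


def weak_hash(password: str) -> str:
    """Unsalted, single-round SHA-256: fast and deterministic, so equal
    passwords give equal hashes and a leaked hash matches precomputed tables."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack_weak(target: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on weak_hash: one SHA-256 per candidate, nothing slows it."""
    for candidate in wordlist:
        if weak_hash(candidate) == target:
            return candidate
    return None


def strong_hash(password: str, iterations: int = PBKDF2_ITERATIONS,
                salt: Optional[bytes] = None) -> str:
    """Salted, iterated PBKDF2; the output records its own parameters so the
    cost can be raised later without breaking existing records."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    alg, iterations, salt_hex, dk_hex = stored.split("$")
    if alg != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # A plain == would leak, via timing, how many leading bytes matched.
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(stored: str, minimum: int = PBKDF2_ITERATIONS) -> bool:
    """True if the record was produced with fewer iterations than current policy;
    call this after a successful verify and re-store with strong_hash()."""
    return int(stored.split("$")[1]) < minimum


WORDLIST = ["123456", "password", "letmein", "qwerty"]  # constructed

if __name__ == "__main__":
    leaked = weak_hash("letmein")
    print("weak hash recovered as:", crack_weak(leaked, WORDLIST))
    record = strong_hash("letmein")
    print("stored record:", record)
    print("verify correct:", verify("letmein", record), "| wrong:", verify("letmeout", record))
```

The weak scheme falls to the first loop over a wordlist; the salted scheme forces the attacker to redo 600,000 HMAC rounds per candidate per user, which is the "computational effort" the CWE name refers to.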
PT-2019-16946 · Ibm · Ibm Open Power Firmware
Name of the Vulnerable Software and Affected Versions: IBM Open Power Firmware versions OP910 and OP920 Description: The issue allows access to the Baseboard Management Controller BMC via Intelligent Platform Management Interface IPMI using the default OpenBMC password, even after the BMC passwor...
Researcher Finds Credentials for 92 Million Users of DNA Testing Firm MyHeritage
MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users. MyHeritage says it has no reason to believe other user data was...
ICSMA-17-082-01_BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability
OVERVIEW Becton, Dickinson and Company BD has identified a hard-coded password vulnerability in BD’s Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database. BD has produced compensating controls to reduce the risk of exploitation of the identified vulnerability ...
How to Freeze Credit Report To Protect Yourself Against Identity Theft
If your Social Security number is exposed in a data breach, such as the recent T-Mobile breach, there is a way to prevent hackers from misusing your identity (identity theft). The solution is to place a security freeze at each of the three credit bureaus, Equifax,...
Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installations
Overview Henry Schein Dentrix G5, a dental practice management software suite, uses hard-coded database access credentials that are shared across multiple installation sites. An attacker who is able to obtain the credentials for one site may be able to gain access to other sites using the same...
As you create an account
As you create an account on Facebook, be careful about all the personal information you volunteer during the registration process. Facebook only needs your name and a fake birthday. Do NOT use the same password you use for your e-mail or other sensitive online accounts. If your Facebook account i...
pSys 0.7.0.a - 'shownews' SQL Injection
pSys - 0.7.0. alpha shownews SQL Injection Bug by: h0yt3r Bug in here: if (isset($_REQUEST['shownews']) && $_REQUEST['shownews'] != "") { $sqlbefehl = "Select titel from $tabnews Where id = '".intval($_REQUEST['shownews'])."'"; $gettitel = mysql_query($sqlbefehl, $serverid); $news = mysql_fetch_array($gettitel); $pagetitle =...
PT-1998-1090 · Unix · Unix
Name of the Vulnerable Software and Affected Versions: Unix affected versions not specified Description: The issue concerns a Unix account with a default, null, blank, or missing password. Recommendations: For all affected versions, ensure that strong, unique passwords are set for all Unix accoun...
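The recommendation above is checked most directly against the password field of the shadow file: an empty second field means the account logs in with no password at all, which is a different condition from an account that is locked (`*`, `!`) or that carries a weak legacy hash. The script below is an added example, not part of the listed entry; it audits a constructed shadow-file excerpt (the hash strings are placeholders, not real hashes) and classifies each account.

```python
"""Audit a shadow file for passwordless and weakly hashed accounts.

Added example, not from the listed entry. SAMPLE_SHADOW is a constructed
/etc/shadow excerpt; the hash strings are placeholders.
"""

# Field 2 of /etc/shadow is the password field:
#   empty           -> no password; login succeeds with nothing typed
#   '*', '!', '!!'  -> no valid password, account effectively locked
#   '!' + hash      -> hash present but the account is locked
#   '$id$salt$hash' -> hashed password; $id selects the algorithm
#   13 chars, no $  -> traditional DES crypt (weak)
SAMPLE_SHADOW = """\
root:$6$c0nstructedsalt$c0nstructedhashc0nstructedhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
backup:!:19700:0:99999:7:::
oracle::19700:0:99999:7:::
svcacct::19700:0:99999:7:::
legacy:$1$olds4lt$c0nstructedmd5hash:19700:0:99999:7:::
ancient:abJnggxhB/yWI:19700:0:99999:7:::
ops:!$6$anothers4lt$c0nstructedhashc0nstructedhash:19700:0:99999:7:::
"""

# Hash identifiers that should no longer be in use.
WEAK_HASH_IDS = {"1": "md5crypt"}


def classify(password_field: str) -> str:
    """Classify one shadow password field into an audit category."""
    if password_field == "":
        return "no-password"
    if password_field in ("*", "!", "!!"):
        return "locked"
    if password_field.startswith("!"):
        return "locked-hashed"
    if password_field.startswith("$"):
        hash_id = password_field.split("$")[1]
        return "weak-hash" if hash_id in WEAK_HASH_IDS else "hashed"
    return "weak-hash"  # unprefixed field: traditional DES crypt


def audit_shadow(text: str) -> dict:
    """Return {username: category} for every well-formed line."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        findings[fields[0]] = classify(fields[1])
    return findings


def passwordless_accounts(text: str) -> list:
    """Usernames that can log in with an empty password, sorted."""
    return sorted(u for u, c in audit_shadow(text).items() if c == "no-password")


if __name__ == "__main__":
    for user, category in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user:10s} {category}")
    print("passwordless:", ", ".join(passwordless_accounts(SAMPLE_SHADOW)))
```

Run it against the real file with `audit_shadow(open("/etc/shadow").read())` as root; the "no-password" and "weak-hash" categories are the ones that need a fix, and a locked account with a stale hash is worth a look as well.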