31 matches found
CVE-2021-33325
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the...
EUVD-2003-1214
Malware in sbrugna...
EUVD-2021-14249
Malware in sbrugna...
EUVD-2013-1468
Malware in sbrugna...
EUVD-2005-4407
Malware in sbrugna...
EUVD-2020-26885
Malware in sbrugna...
EUVD-2001-1384
Malware in sbrugna...
EUVD-2022-27846
Malicious code in bioql PyPI...
CVE-2022-44014
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...
CVE-2021-25276
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...
GHSA-H8H6-7752-G28C Manifest Uses a One-Way Hash without a Salt
Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...
CVE-2023-1831 User password logged in audit logs
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled ExperimentalAuditSettings section in config...
PT-2022-27077 · Unknown · Simmeth Lieferantenmanager
Name of the Vulnerable Software and Affected Versions: Simmeth Lieferantenmanager versions prior to 5.6 Description: An issue in the design of the API allows a user to fetch arbitrary SQL tables, leaking all user passwords and MSSQL hashes via the "/DS/LM API/api/SelectionService/GetPaggedTab" AP...
PT-2022-6293 · Апекс-Вуз · Апекс-Вуз
Name of the Vulnerable Software and Affected Versions: Апекс-ВУЗ affected versions not specified Description: The issue is related to the password reset mechanism in the education automation system, which uses the SHA-1 encryption algorithm with insufficient strength. This could allow a remote...
EUVD-2021-23339
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users across USB drives sold under multiple brand names...
DoraCMS Encryption Problem Vulnerability
DoraCMS is based on Nodejs+eggjs+mongodb written a content management system . An encryption issue vulnerability exists in DoraCMS 2.1.1 and earlier versions. The vulnerability arises because the program does not use AES-CBC encryption with random salts or IVs, which makes user-encrypted password...
Design/Logic Flaw
In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
Mozilla Firefox < 62.0 Multiple Vulnerabilities
Binary data 700407.prm...
Low: Red Hat Security Advisory: Red Hat Network Proxy spacewalk-backend security and bug fix update
Updated spacewalk-backend packages that fix one security issue are now available for Red Hat Network Proxy 5.4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2008-4165
admin/user/createuser.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the sslaccesslog file or the referer string...