77 matches found
CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...
HMS EWON FLEXY 202 安全漏洞
HMS EWON FLEXY 202 is a multi-purpose IIoT data gateway from HMS Sweden. Allows machine builders and users to monitor and collect important KPIs for analysis and predictive maintenance. A security vulnerability exists in HMS EWON FLEXY 202 version 14.2s0 that stems from the use of the weak encodi...
PT-2024-38563 · Unknown · Ewon Flexy 202
Name of the Vulnerable Software and Affected Versions: EWON FLEXY 202 affected versions not specified Description: The issue concerns the transmission of credentials using a weak encoding method, specifically base64. An attacker present in the network can intercept the traffic and decode the...
CVE-2024-34542 Advantech ADAM-5630 Weak Encoding for Password
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process...
Advantech ADAM-5550
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5550 Vulnerabilities : Weak Encoding for Password, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to intercept...
Advantech ADAM 5630
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5630 Vulnerabilities : Use of Persistent Cookies Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack a...
CVE-2024-42378
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application, but it can have some minor...
CVE-2024-42378
CVE-2024-42378 affects SAP S/4HANA eProcurement. Root cause: weak encoding of user-controlled inputs enabling Reflected XSS. Impact is described as minor on confidentiality and integrity; no availability impact. Affected component is the eProcurement module within SAP S/4HANA; exploit details are...
CVE-2024-42378 Cross-Site Scripting (XSS) in eProcurement on S/4HANA
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application, but it can have some minor...
CVE-2024-42378 Cross-Site Scripting (XSS) in eProcurement on S/4HANA
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application, but it can have some minor...
CVE-2024-34685
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application but it has a...
CVE-2024-34685 [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application but it has a...
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
Campbell Scientific CSI Web Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Campbell Scientific Equipment : CSI Web Server Vulnerabilities : Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
PT-2024-36224 · Campbell Scientific · Campbell Scientific Csi Web Server
Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server affected versions not specified Description: The issue concerns the storage of web authentication credentials in a file with a specific name. The passwords in this file are stored in a weakly encoded format,...
Campbell Scientific CSI Web Server 安全漏洞
Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A security vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and prior versions, which originates when the password for a file is stored in a weakly encoded format, which allows an attacker to decode...
CVE-2024-23492
A weak encoding is used to transmit credentials for WS203VICM...
Code injection
A weak encoding is used to transmit credentials for WS203VICM...
CVE-2024-23492 Commend WS203VICM Weak Encoding for Password
A weak encoding is used to transmit credentials for WS203VICM...