MySCADA myPRO versions 8.20.0 and prior store passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. An issue was discovered in Reprise RLM 14.2. Wokka Lokka Q50 devices through allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123481 default passwords. The attacker can retrieve all authentication and information about the users of this system. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. Certain NETGEAR devices are affected by a hardcoded password.
A UPnP request reveals a device's serial number, which can be used for a password reset. Certain NETGEAR devices are affected by disclosure of sensitive information.