|
211591
|
7.5 |
HIGH
Network
|
psyprax
|
psyprax
|
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAA…
|
CWE-326
CWE-522
Inadequate Encryption Strength
Insufficiently Protected Credentials
|
CVE-2020-10554
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211592
|
5.5 |
MEDIUM
Local
|
psyprax
|
psyprax
|
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the l…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-10553
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211593
|
8.1 |
HIGH
Network
|
psyprax
|
psyprax
|
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read …
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-10552
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211594
|
5.5 |
MEDIUM
Local
|
newmediacompany
|
smarty
|
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated password…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-10375
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211595
|
6.5 |
MEDIUM
Network
|
iobit
|
advanced_systemcare
|
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode …
|
NVD-CWE-noinfo
|
CVE-2020-10234
|
2024-11-21 13:55 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211596
|
9.8 |
CRITICAL
Network
|
epikur
|
epikur
|
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stor…
|
CWE-287
Improper Authentication
|
CVE-2020-10539
|
2024-11-21 13:55 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211597
|
5.5 |
MEDIUM
Local
|
epikur
|
epikur
|
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purpose…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2020-10538
|
2024-11-21 13:55 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211598
|
7.8 |
HIGH
Local
|
epikur
|
epikur
|
An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-10537
|
2024-11-21 13:55 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211599
|
9.8 |
CRITICAL
Network
|
proofpoint
|
insider_threat_management_server
|
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10658
|
2024-11-21 13:55 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211600
|
7.2 |
HIGH
Network
|
proofpoint
|
insider_threat_management_server
|
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-10657
|
2024-11-21 13:55 |
2021-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
