CVE-2021-44600

The password parameter on Simple Online Mens Salon Management System MSMS 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker c...

Hancom With AnySign4Pc 路径遍历漏洞

Hancom With AnySign4Pc is an executable .exe file from the South Korean company Hancom With. A path traversal vulnerability exists in Hancom With AnySign4Pc. The vulnerability stems from exploiting the parameters of the getPFXFolderList function, which allows an attacker to see authorization...

The vulnerability of the Enterprise Resource Planning tool LedgerSMB lies in the absence of the “Secure” attribute being set in the authentication cookie files. This allows attackers to obtain authentication data.

The vulnerability of the enterprise resource planning tool LedgerSMB lies in the absence of the “Secure” attribute being set in the session cookie files during authentication. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain authentication data by intercepting...

CVE-2021-41011

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information...

CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

CVE-2021-25644

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

Debian DLA-2664-1 : curl security update

Viktor Szakats reported that libcurl, an URL transfer library, does not strip off user credentials from the URL when automatically populating the Referer HTTP request header field in outgoing HTTP requests. Sensitive authentication data may leak to the server that is the target of the second HTTP...

CVE-2020-27185

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service...

CVE-2020-27185

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service...

CVE-2021-20331

Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

CVE-2021-20331 MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application

Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

PT-2021-13890 · Mongodb · Mongodb C Driver

Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions 2.12.0 through 2.12.1 Description: The MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain...

Security update for irssi (moderate)

openSUSE Security Update: Security update for irssi Announcement ID: openSUSE-SU-2021:0587-1 Rating: moderate References: 1184848 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for irssi fixes the following issues: irssi...

MDR Vendor Must-Haves, Part 4: Ingestion of Authentication Data Across Local, Domain, and Cloud Sources

This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” There isn’t a single threat or breach that doesn’t involve attackers using legitimate credentials to cause harm...

The vulnerability of the authentication policy for the “Red Database” database management systems, related to errors in authentication data verification, allows attackers to increase their privileges.

The vulnerability of the authentication policy for the “Red Database” database management systems is related to an error in verifying authentication data. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...

USN-4869-1 aria2 vulnerability

It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information...

Sovremennye Delovye Tekhnologii FX Aggregator Security Breach

A security vulnerability exists in Sovremennye Delovye Tekhnologii FX that originates from storing authentication credentials in plaintext during login...

Sql injection

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login...

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise BEC scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed...

CVE-2020-27656

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...