MELAG FTP Server Information Disclosure Vulnerability

MELAG FTP Server is an FTP server from MELAG Germany.An information disclosure vulnerability exists in MELAG FTP Server version 2.2.0.4, which stems from storing the unencrypted password of an FTP user in a local configuration file. An attacker could exploit this vulnerability to obtain sensitive...

CVE-2021-41639

MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file...

CVE-2021-41637

Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users...

CVE-2021-41639

MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file...

Design/Logic Flaw

MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file...

CVE-2021-41637

CVE-2021-41637 concerns MELAG FTP Server 2.2.0.4 with weak access control that permits the Everyone group to read the local FTP configuration file, exposing unencrypted passwords of all FTP users. The connected CNVD/CVE entries describe this as an authorization issue rooted in improper file permi...

CVE-2021-41639

MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file...

GHSA-9H79-5M2F-MQJ2 Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text

Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file org.jenkinsci.squashtm.core.SquashTMPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins...

Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text

Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file org.jenkinsci.squashtm.core.SquashTMPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins...

User passwords stored in plain text by Jenkins EasyQA Plugin

EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file EasyQAPluginProperties.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34202

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34213

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

PT-2022-22084 · Jenkins · Jenkins Squash Tm Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher Squash4Jenkins Plugin versions 1.0.0 and earlier Description: The issue allows passwords to be stored unencrypted in the global configuration file on the Jenkins controller, making them accessible to users with...

PT-2022-22072 · Jenkins · Jenkins Easyqa Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins EasyQA Plugin versions 1.0 and earlier Description: The issue concerns the storage of user passwords in an unencrypted manner within the global configuration file on the Jenkins controller. Specifically, the passwords are stored in th...

CVE-2022-1823

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin Living off the land attack. This could result in the user gaining elevated permissions and being able to execu...

CVE-2022-1823

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin Living off the land attack. This could result in the user gaining elevated permissions and being able to execu...

Privilege escalation

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin Living off the land attack. This could result in the user gaining elevated permissions and being able to execu...

CVE-2022-1823 McAfee MCPR privilege escalation

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin Living off the land attack. This could result in the user gaining elevated permissions and being able to execu...

CVE-2022-20736

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This...