CVE-2019-20061

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the system-picked password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password...

EUVD-2025-28745

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

EUVD-2022-42683

Malicious code in bioql PyPI...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

RHEL 8 : fwupd (RHSA-2024:1106)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1106 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...

Synacor Zimbra Security Vulnerability

Synacor Zimbra is an open source email collaboration platform from Synacor, Inc. A security vulnerability exists in Synacor Zimbra Collaboration ZCS version 8.8.15, 9.0, which stems from a closed account with 2FA and a generated password that can send emails when configured as Imap/smtp...

RHEL 8 : fwupd (RHSA-2023:7189)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7189 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...

SUSE CVE-2022-3287

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVE-2022-3287

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password...

Simple JWT Login < 3.3.0 - Insecure Password Creation

The plugin can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the strshuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation...

Herospeed - TelnetSwitch Remote Stack Overflow / Overwrite Password / Enable TelnetD Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python2.7 Herospeed TelnetSwitch daemon running on TCP/787, for allowing enable of the telnetd. Where one small stack overflow allows us to overwrite the dynamicly generated password and enable telnetd. Verified 1 Fullhan IPC...

Fedora 10 : phpMyAdmin-3.2.0.1-1.fc10 (2009-7340)

The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gcmaxlifetime is...