569 matches found
CVE-2023-37879
CVE-2023-37879 affects Wing FTP Server (User Web Client) up to version 7.2.0, where insecure storage of sensitive information enables information elicitation. Multiple sources confirm the issue as a sensitive-info disclosure via the User Web Client, with impact on confidentiality and no indicatio...
CVE-2023-37879 Exposed Session Variable in Wing FTP Server <= 7.2.0
Insecure storage of sensitive information in Wing FTP Server User Web Client allows information elicitation. This issue affects Wing FTP Server: <= 7.2.0...
PT-2023-26156 · Unknown · Wing Ftp Server
Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions <= 7.2.0 Description: The issue is related to insecure storage of sensitive information in the User Web Client of Wing FTP Server, allowing information elicitation. Recommendations: For versions <= 7.2.0, update to a...
PT-2023-5186 · Unknown · Qms Automotive
Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: The issue is related to the QMS.Mobile module of the QMS Automotive software, which stores sensitive application data in an external insecure storage. This could allow an attacker to alter...
Siemens QMS Automotive
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
TSPlus 16.0.0.0 Insecure Credential Storage
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Vulnerability
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you can create a secure...
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...
SUSE CVE-2023-32184
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...
PT-2023-5399 · Unknown +1 · Opensuse-Welcome +1
Name of the Vulnerable Software and Affected Versions: opensuse-welcome versions 0.1 through 0.1.9+git.35.4b9444a Description: A local attacker can execute code as the user that runs opensuse-welcome if a custom layout is chosen, due to an Insecure Storage of Sensitive Information vulnerability...
CVE-2023-39903
An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...
CVE-2023-38064
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log...
WordPress plugin MainWP Child information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability...
The vulnerability of the web interface of the ABB My Control System platform, related to the insecure storage of confidential information, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the web interface of the ABB My Control System platform relates to the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Schweitzer Engineering Laboratories RTAC Insecure Storage of Sensitive Information (CVE-2023-31150)
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. This plugin only...
Radancy: insecure storage of information, you can view any file uploaded to the server without authentication and only with a single link
Domain and URL: http://███ https://███████ https://████/maximum-wiki-prod-app/ Summary: From a single link I have access to a multitude of uploaded files on the server. All I have to do is search for keywords such as "png" or "user" and I can retrieve the target file without authentication, witho...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure storage of sensitive information (CVE-2023-22878)
Summary A vulnerability due to insecure storage of sensitive information was addressed in InfoSphere Information Server. Vulnerability Details CVEID:CVE-2023-22878 DESCRIPTION: IBM InfoSphere Information Server stores user credentials in plain clear text which can be read by a local user. CVSS Ba...
CVE-2022-44619
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2022-43475
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access...