569 matches found

CVE
added 2023/09/12 8:15 a.m. · 127 views

CVE-2023-37879

CVE-2023-37879 affects Wing FTP Server (User Web Client) up to version 7.2.0, where insecure storage of sensitive information enables information elicitation. Multiple sources confirm the issue as a sensitive-info disclosure via the User Web Client, with impact on confidentiality and no indicatio...

7.5 CVSS · 6.6 AI score · 0.0045 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/09/12 8:15 a.m. · 19 views

CVE-2023-37879 Exposed Session Variable in Wing FTP Server <= 7.2.0

Insecure storage of sensitive information in Wing FTP Server User Web Client allows information elicitation. This issue affects Wing FTP Server: = 7.2.0...

6.5 CVSS · 6.6 AI score · 0.0045 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/09/12 12:00 a.m. · 5 views

PT-2023-26156 · Unknown · Wing Ftp Server

Name of the Vulnerable Software and Affected Versions: Wing FTP Server versions = 7.2.0 Description: The issue is related to insecure storage of sensitive information in the User Web Client of Wing FTP Server, allowing information elicitation. Recommendations: For versions = 7.2.0, update to a...

7.5 CVSS · 7.2 AI score · 0.0045 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/09/12 12:00 a.m. · 2 views

PT-2023-5186 · Unknown · Qms Automotive

Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: The issue is related to the QMS.Mobile module of the QMS Automotive software, which stores sensitive application data in an external insecure storage. This could allow an attacker to alter...

7.8 CVSS · 7.7 AI score · 0.0019 EPSS
Exploits 0 · References 6

ICS
added 2023/09/12 12:00 a.m. · 92 views

Siemens QMS Automotive

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.1 CVSS · 7.7 AI score · 0.00561 EPSS
Exploits 0 · References 12

Packet Storm
added 2023/08/22 12:00 a.m. · 309 views

TSPlus 16.0.0.0 Insecure Credential Storage

Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...

7.1 AI score · 0.01932 EPSS
Exploits 3

0day.today
added 2023/08/21 12:00 a.m. · 313 views

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Vulnerability

Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you can create a secure...

9.8 CVSS · 9.6 AI score · 0.01932 EPSS
Exploits 3

Exploit DB
added 2023/08/21 12:00 a.m. · 415 views

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage

Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...

9.8 CVSS · 7 AI score · 0.01932 EPSS
Exploits 3

SUSE CVE
added 2023/08/14 1:34 a.m. · 2 views

SUSE CVE-2023-32184

An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...

7.8 CVSS · 7.1 AI score · 0.00281 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/08/14 12:00 a.m. · 4 views

PT-2023-5399 · Unknown +1 · Opensuse-Welcome +1

Name of the Vulnerable Software and Affected Versions: opensuse-welcome versions 0.1 through 0.1.9+git.35.4b9444a Description: A local attacker can execute code as the user that runs opensuse-welcome if a custom layout is chosen, due to an Insecure Storage of Sensitive Information vulnerability...

7.8 CVSS · 7.4 AI score · 0.00281 EPSS
Exploits 1 · References 18

NVD
added 2023/08/07 5:15 a.m. · 19 views

CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...

5.9 CVSS · 5.9 AI score · 0.00127 EPSS
Exploits 0 · References 2

Cvelist
added 2023/08/07 12:00 a.m. · 16 views

CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...

5.9 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/07/12 12:48 p.m. · 14 views

CVE-2023-38064

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log...

4.3 CVSS · 7.1 AI score · 0.00413 EPSS
Exploits 0 · References 1

CNNVD
added 2023/06/27 12:00 a.m. · 6 views

WordPress plugin MainWP Child Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability...

7.5 CVSS · 7.7 AI score · 0.00662 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/06/26 12:00 a.m. · 4 views

The vulnerability of the web interface of the ABB My Control System platform, related to the insecure storage of confidential information, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the web interface of the ABB My Control System platform relates to the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

10 CVSS · 7.7 AI score · 0.00459 EPSS
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2023/06/05 12:00 a.m. · 19 views

Schweitzer Engineering Laboratories RTAC Insecure Storage of Sensitive Information (CVE-2023-31150)

A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. This plugin only...

8 CVSS · 6.4 AI score · 0.00473 EPSS
Exploits 0 · References 3

Hacker One
added 2023/05/31 8:15 a.m. · 18 views

Radancy: insecure storage of information, you can view any file uploaded to the server without authentication and only with a single link

Domain and URL: http://███ https://███████ https://████/maximum-wiki-prod-app/ Summary: From a single link I have access to a multitude of uploaded files on the server. All I have to do is search for keywords such as "png" or "user" and I can retrieve the target file without authentication, witho...

6.7 AI score
Exploits 0

IBM Security Bulletins
added 2023/05/17 6:41 p.m. · 20 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure storage of sensitive information (CVE-2023-22878)

Summary A vulnerability due to insecure storage of sensitive information was addressed in InfoSphere Information Server. Vulnerability Details CVEID:CVE-2023-22878 DESCRIPTION: IBM InfoSphere Information Server stores user credentials in plain clear text which can be read by a local user. CVSS Ba...

6.2 CVSS · 5.2 AI score · 0.00124 EPSS
Exploits 0 · Affected Software 1

OSV
added 2023/05/10 2:15 p.m. · 5 views

CVE-2022-44619

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8 CVSS · 5.8 AI score · 0.00198 EPSS
Exploits 0 · References 1

OSV
added 2023/05/10 2:15 p.m. · 3 views

CVE-2022-43475

Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8 CVSS · 5.8 AI score · 0.00168 EPSS
Exploits 0 · References 1