Google Play Diibear Security Vulnerability
Google Play Diibear is an application from Google Play. It provides a feature that allows parents to use the application to stay in touch with the kindergarten and get information about their children's learning and play as well as kindergarten newsletters and announcements. A security...
Gitlab -- Multiple vulnerabilities
Gitlab reports: JWT token leak via Workhorse; Stored XSS in wiki pages; Group Maintainers are able to use the Group CI/CD Variables API; Insecure storage of GitLab session keys...
CVE-2021-20445
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storage of authentication credentials. IBM X-Force ID: 196621...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field
Summary: The autocomplete HTML attribute is not disabled for the password field in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to bypass the web application's authentication mechanism. Vulnerability Details: CVEID: CVE-2021-20445...
IBM Maximo for Civil Infrastructure Information Disclosure Vulnerability
IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. An information disclosure vulnerability exists in IB...
Design/Logic Flaw
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database...
FreeBSD : glpi -- Unauthenticated Stored XSS (09eef008-3b16-11eb-af2a-080027dbe4b7)
MITRE Corporation reports: In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure...
CVE-2020-26086
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected...
CVE-2020-15177
In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection. Since authentication i...
PT-2020-14249 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2. Description: The issue concerns insecure storage of user input into the database as urlbase and urlbaseapi. These settings are used throughout the application, allowing for vulnerabilities such as Cross-Site...
FreeBSD : Gitlab -- multiple vulnerabilities (a3495e61-047f-11eb-86ea-001b217b3468)
Gitlab reports: Potential Denial Of Service Via Update Release Links API; Insecure Storage of Session Key In Redis; Improper Access Expiration Date Validation; Cross-Site Scripting in Multiple Pages; Unauthorized Users Can View Custom Project Template; Cross-Site Scripting in SVG Image Preview...
Gitlab -- multiple vulnerabilities
Gitlab reports: Potential Denial Of Service Via Update Release Links API; Insecure Storage of Session Key In Redis; Improper Access Expiration Date Validation; Cross-Site Scripting in Multiple Pages; Unauthorized Users Can View Custom Project Template; Cross-Site Scripting in SVG Image Preview...
CVE-2020-15784
A vulnerability has been identified in Spectrum Power 4 (all versions prior to V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names...
Information disclosure
A vulnerability has been identified in Spectrum Power 4 (all versions prior to V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names...
CVE-2020-15784
Summary (CVE-2020-15784) Affected product: Siemens Spectrum Power 4 (all versions prior to v4.70 SP8). Vulnerability: Insecure storage of sensitive information in configuration files could allow retrieval of usernames (CWE-312). This is the root cause described in the sources. Impact: Potential d...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2019-4695
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926...
CVE-2020-9404
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords...