569 matches found

Prion
added 2020/08/11 7:15 p.m. · 16 views

Format string

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation...

CVSS 2.1 · AI score 5.4 · EPSS 0.00285
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/08/11 6:24 p.m. · 23 views

CVE-2020-9404

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords...

AI score 6.9 · EPSS 0.00283
Exploits 0 · References 1

FreeBSD
added 2020/06/25 12:0 a.m. · 27 views

glpi -- Unauthenticated Stored XSS

MITRE Corporation reports: In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure...

CVSS 8 · AI score 1.3 · EPSS 0.00761
Exploits 0 · References 2

ICS
added 2020/06/23 12:0 a.m. · 60 views

ABB Device Library Wizard

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: Device Library Wizard Vulnerability: Insecure Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-level user to escalate privileges and...

CVSS 7.8 · AI score 6.2 · EPSS 0.00319
Exploits 0 · References 5

UbuntuCve
added 2020/06/10 5:15 p.m. · 23 views

CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

CVSS 6.5 · AI score 6.7 · EPSS 0.01203
Exploits 0 · References 3

NVD
added 2020/05/29 10:15 p.m. · 46 views

CVE-2020-8482

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data...

CVSS 7.8 · AI score 7.5 · EPSS 0.00319
Exploits 0 · References 1

Prion
added 2020/05/29 10:15 p.m. · 15 views

Design/Logic Flaw

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data...

CVSS 2.1 · AI score 5.3 · EPSS 0.00319
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/05/29 9:33 p.m. · 29 views

CVE-2020-8482 ABB Device Library Wizard Information Disclosure Vulnerability

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data...

CVSS 7.8 · AI score 7.5 · EPSS 0.00319
Exploits 0 · References 1

ICS
added 2020/03/24 12:0 a.m. · 114 views

VISAM Automation Base (VBASE) (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...

CVSS 9.8 · AI score 9.4 · EPSS 0.02515
Exploits 0 · References 5

Prion
added 2020/01/31 2:15 p.m. · 12 views

Code injection

Evernote before 5.5.1 has insecure PIN storage...

CVSS 2.1 · AI score 7.1 · EPSS 0.00549
Exploits 1 · References 2 · Affected Software 1

Hacker One
added 2020/01/09 12:26 a.m. · 16 views

Mail.ru: Insecure storage of private files

"Send to myself" activity of Mail.ru Mail application for Android could be locally manipulated via external content provider to access the files in application folder...

AI score 2.9
Exploits 0

OSV
added 2019/12/05 7:15 p.m. · 1 views

UBUNTU-CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...

CVSS 5.5 · AI score 5.8 · EPSS 0.00464
Exploits 0 · References 3

NVD
added 2019/11/22 7:15 p.m. · 18 views

CVE-2012-6077

W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files...

CVSS 7.5 · AI score 7.5 · EPSS 0.05378
Exploits 0 · References 5

Prion
added 2019/11/22 7:15 p.m. · 29 views

Information disclosure

W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files...

CVSS 5 · AI score 7.2 · EPSS 0.05378
Exploits 0 · References 5 · Affected Software 1

CVE
added 2019/11/22 6:44 p.m. · 255 views

CVE-2012-6077

The CVE-2012-6077 issue affects the WordPress W3 Total Cache plugin (versions before 0.9.2.5). The root cause is insecure storage of database cache files, enabling remote attackers to retrieve password hash information. Documents indicate exposure of usernames and password hashes via the plugin’s...

CVSS 7.5 · AI score 7.5 · EPSS 0.05378
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2019/11/22 12:0 a.m. · 3 views

PT-2019-6805 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache versions prior to 0.9.2.5 Description: The issue allows remote attackers to retrieve password hash information due to insecure storage of database cache files. Recommendations: For versions prior to 0.9.2.5, update to version...

CVSS 7.5 · AI score 7.6 · EPSS 0.05378
Exploits 0 · References 7

Veracode
added 2019/11/05 7:39 a.m. · 22 views

Insecure Temporary File Storage

drift-mongodb-serverplugin uses an insecure temporary file storage when unpacking zip files. The files are unpacked to a world-writable directory which could potentially allow a local attacker to modify and tamper with the files, leading to unexpected behavior in the application...

CVSS 7.1 · AI score 3.6 · EPSS 0.00309
Exploits 0 · References 3 · Affected Software 1

OpenVAS
added 2019/10/30 12:0 a.m. · 20 views

openSUSE: Security Advisory for nfs-utils (openSUSE-SU-2019:2408-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 10 · AI score 9.6 · EPSS 0.01499
Exploits 0 · References 2

OSV
added 2019/10/25 12:27 p.m. · 3 views

SUSE-SU-2019:2782-1 Security update for nfs-utils

This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. bsc1150733...

CVSS 10 · AI score 9.4 · EPSS 0.01499
Exploits 0 · References 3

OSV
added 2019/10/24 11:48 a.m. · 4 views

SUSE-SU-2019:2771-1 Security update for nfs-utils

This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. bsc1150733...

CVSS 10 · AI score 9.4 · EPSS 0.01499
Exploits 0 · References 3