63 matches found
CVE-2025-15622
The CVE-2025-15622 vectors/auth flow involve Sparx Systems Pty Ltd. Sparx Enterprise Architect desktop client exposing a plaintext OAuth2 client secret, which the client decodes and uses to exchange for access and ID tokens in the OpenID authentication flow. This is described as an Insufficiently...
CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
EUVD-2026-12655
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2026-32842 Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2026-32842
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
Edimax GS-5008PL 安全漏洞
The Edimax GS-5008PL is a Gigabit Ethernet switch produced by Edimax of Taiwan, China. Versions of the Edimax GS-5008PL prior to 1.00.54 contained security vulnerabilities. These vulnerabilities stemmed from insecure credential storage, allowing attackers to obtain administrator credentials by...
PT-2026-25948
Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecure credential storage vulnerability that allows attackers to obtain administrator credentials by accessing configuration backup files. Attackers can download the config.bin file through fupload.cgi to extract plaintext username...
CVE-2024-55027
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uactemp.db...
Insufficiently Protected Credentials
Overview rdsai-cli is an AI-powered CLI tool for Relation database management and analysis Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insecure local storage of sensitive credentials. An attacker can exploit this by accessing the configuration...
📄 Netbus Backdoor 1.7 Remote Code Execution
Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...
📄 Backdoor.Win32.ControlTotal.t MVID-2025-0702 Insecure Credential Storage
Backdoor.Win32.ControlTotal.t malware listens on TCP port 2032 and requires authentication. The password "jdf4df4vdf" is stored in cleartext within the PE file. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2025 Original source:...
EUVD-2021-15892
Malware in sbrugna...
EUVD-2023-41301
Malicious code in bioql PyPI...
EUVD-2022-31492
Malicious code in bioql PyPI...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
Ubuntu Touch Security VAPT Report Welcome to the Ubuntu Touch...
CVE-2021-29253
The Tableau integration in RSA Archer 6.4 P1 6.4.0.1 through 6.9 P2 6.9.0.2 is affected by an insecure credential storage vulnerability. An malicious attacker with access to the Tableau workbook file may obtain access to credential information to use it in further attacks...
Intelbras InControl 安全漏洞
Intelbras InControl is an access control management software from Intelbras that allows users to easily manage any ingress and egress traffic using access control devices. A security vulnerability exists in Intelbras InControl version 2.21.59 and earlier, which stems from improper handling of...
HackTool.Win32.Freezer.br (WinSpy) MVID-2024-0691 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/2992129c565e025ebcb0bb6f80c77812.txt Contact: [email protected] Media: x.com/malvuln Threat: HackTool.Win32.Freezer.br WinSpy Vulnerability: Insecure Credential Storage Description: The...
Insecure Credential Storage
TYPO3 is vulnerable to Insecure Credential Storage. The vulnerability is due to the backend form reloading when creating new backend user accounts, potentially persisting records with insecure or empty credentials...
Insecure Credential Storage
typo3/cms-core is vulnerable to Insecure Credential Storage. The vulnerability is due to the persistence of database records containing insecure or empty credentials when certain changes are made to user account types in the TYPO3 backend, which allows an attacker to cause insecure or empty...