CVE-2025-40753

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extra...

EUVD-2025-36518

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

CVE-2023-27927

An authenticated malicious user could acquire the simple mail transfer protocol SMTP Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials...

CVE-2010-4758

installer.pl in Open Ticket Request System OTRS before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen...

PT-2024-13754 · Unknown · Vx Search Enterprise

Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14 Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/setup smtp" API endpoint in the smtp server, smtp user, smtp password, and smtp email...

CVE-2019-9868

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator...

CVE-2016-2294

The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors...

Hosting Controller <= 6.1 HotFix 2.2 Add Domain without Quota Exploit

No description provided by source. !-- Change url /str0ke -- form method=post name=addform action=http://url/admin/iis/IISActions.asp?ActionType=AddSite&hostcustid=1&hostingplans=1 table tr class=looplistingDark td width=19% class=ContentsWebsite Name : /td td width=73% class=contents input...

CVE-2010-4758

installer.pl in Open Ticket Request System OTRS before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen...

DEBIAN-CVE-2010-4758

installer.pl in Open Ticket Request System OTRS before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen...

CVE-2010-4758

installer.pl in Open Ticket Request System OTRS before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen...

CVE-2010-4758

installer.pl in Open Ticket Request System OTRS before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen...

CVE-2009-2920

Multiple cross-site scripting XSS vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 component and 2 priority parameters to buglist.php; and the 3 Username 4 E-mail, 5 Pass, and 6 Confirm pass fields to createaccount.php...

Hosting Controller &lt;= 6.1 HotFix 2.2 Add Domain without Quota Exploit

No description provided by source. !-- Change url /str0ke -- form method="post" name="addform" action="http://url/admin/iis/IISActions.asp?ActionType=AddSite&hostcustid=1&hostingplans=1" table tr class="looplistingDark" td width="19%" class="Contents"Website Name : /td td width="73%"...

CVE-1999-1002

Netscape Navigator uses weak encryption for storing a user's Netscape mail password...

ns4.5-mail-passwd.txt

Date: Wed, 4 Nov 1998 18:29:55 +0100 From: Holger van Lengerich To: [email protected] Subject: Communicator 4.5 stores EVERY mail-password in preferences.js Hi! The Netscape Communicator 4.5 stores the crypted version of used mail-passwords for imap and pop3 even if you tell Netscape to not...