40 matches found
Sifchain: A password in plain text in conf file
I found a password in plain text in \sifnode-develop\ui\e2e\config.js in the source code. password: "coolguy21" Impact I don't know actually how does this affects but passwords in plaintexts are always dangerous...
Mutare Voice Security Feature Issue Vulnerability
A security signature issue vulnerability exists in Mutare Voice EVM 3.x before 3.3.8, which originates when password information is displayed in plaintext on an external system...
FiberHome HG6245D devices 加密问题漏洞
The HG6245D is an FTTH ONT router from FiberHome. The FiberHome HG6245D suffers from a password plaintext storage vulnerability. An attacker can exploit this vulnerability to obtain passwords in plaintext...
Palo Alto Networks PAN-OS Log Message Disclosure Vulnerability (CNVD-2020-63187)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. Palo Alto Networks PAN-OS suffers from a log message disclosure vulnerability that stems from the fact that a proxy server's password may be displayed in plaintext when using the CLI,...
PT-2020-20008 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.0 Description: A logic error caused the plaintext storage of the share password when it was given on the initial create API call. Recommendations: For Nextcloud Server version 19.0.0, update to a version that fix...
Dell EMC Unity and UnityVSA Security Bypass Vulnerability
Dell EMC Unity and UnityVSA are both products of Dell, Inc.Dell EMC Unity is a unified storage array product.UnityVSA is a set of virtual Unity storage environments. A security vulnerability exists in Dell EMC Unity prior to version 5.0.0.0.5.116 and UnityVSA prior to version 5.0.0.0.5.116, which...
D-Link DIR-815 Information Disclosure Vulnerability
D-Link DIR-815 is a wireless router product from AUO D-Link. An information disclosure vulnerability exists in the D-Link DIR-815 with firmware prior to version 2.07.B01, which originates from the program storing the administrative password in plaintext. A remote attacker could exploit this...
PSFTPd Windows FTP Server Password Plaintext Vulnerability
PSFTPd Windows FTP Server is a suite of FTP server software. The software supports protocols such as FTP, FTPS and SFTP. A password plaintext vulnerability exists in PSFTPd Windows FTP Server version 10.0.4 Build 729. An attacker can exploit this vulnerability to hide information in log files,...
USN-3379-1 shotwell vulnerability
It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...
CVE-2017-1000024
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission...
China Mobile 139 Mailbox Android V6.6.1 suffers from gesture password plaintext storage vulnerability
139 Mailbox APP is a general-purpose mailbox client launched by China Mobile. A vulnerability exists in the plaintext storage of gesture passwords in China Mobile 139 Mailbox Android V6.6.1. Since the user's gesture password storage is not encrypted, an attacker can utilize the vulnerability to...
Accuenergy Acuvim II and IIR AXN-NET Module Information Disclosure Vulnerability
Accuenergy Acuvim II and IIR are Accuenergy's multi-function network power meters that provide power parameter measurement, four-quadrant power metering, and out-of-limit alarms.AXN-NET is one of the Ethernet module accessories. The AXN-NET module of the Accuenergy Acuvim II and IIR stores mail...
Softbiz Classifieds PLUS - Multiple SQL Injections
Softbiz Classifieds PLUS - Multiple SQL Injections ----------------------------Information------------------------------------------------ +Name : Softbiz Classifieds PLUS SQL Injection gallery.php +Autor : Easy Laster +Date : 25.02.2010 +Script : Softbiz Classifieds PLUS +Price : 99$ +Language :...
HTMPL 1.11 (htmpl_admin.cgi help) Command Execution Vulnerability
No description provided by source. Software : HTMPL v1.11 Download Link : http://vmeste.org/templex/doc/1.html Vulnrability : Command Execution Severity : High Author : ZeN Website : http://dusecurity.com / http://darkcode.me/ Exploit : site.com/cgi-bin/htmpladmin.cgi?help=|cat /etc/passwd A few...
CVE-2005-1760
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges...
CVE-2002-1097
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages...
CVE-2001-1404
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...
PT-1999-1502 · Sun · Sun Wbem
Name of the Vulnerable Software and Affected Versions: Sun Web-Based Enterprise Management WBEM affected versions not specified Description: The issue concerns the storage of a password in plaintext within a world-readable file by the Sun Web-Based Enterprise Management WBEM installation script...