110 matches found
CVE-2021-25275
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login...
CVE-2020-10762
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmdhistory.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the...
CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
CVE-2020-26551
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...
CVE-2020-15324
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmppconfig.py file that stores hardcoded credentials...
CVE-2020-15324
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmppconfig.py file that stores hardcoded credentials...
CVE-2012-5474
The file /etc/openstack-dashboard/localsettings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release python-django-horizon package before 2012.1.1 is world readable and exposes the secret key value...
CVE-2012-5476
Within the RHOS Essex Preview 2012.2 of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value...
Unspecified vulnerability in Python keyring
Python keyring is a library for supporting access to system key services from Python. A security vulnerability exists in Python keyring, which stems from the fact that the file created is globally readable and can be exploited by an attacker to obtain information...
Sensitive Data Exposure in pem
Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...
Design/Logic Flaw
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
CVE-2018-11752
Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...
CVE-2018-11752
Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...
Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability (CNVD-2018-11350)
Cisco Prime Collaboration Provisioning PCP is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. An information disclosure vulnerability exis...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
heketi: Information disclosure through world readable file
An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file...
CVE-2017-9615
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...
Arbitrary file deletion
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...
CVE-2017-9615
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file...
DEBIAN-CVE-2017-9868
In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...