11 matches found
CVE-2019-25470 eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
PT-2025-26223
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.13.7 and prior Description: The issue concerns RabbitMQ logging authorization headers in plaintext, encoded in base64, when queried with HTTP/s and basic authentication. This results in logs containing all request headers,...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a log information...
CVE-2025-46432
CVE-2025-46432 affects JetBrains TeamCity prior to 2025.03.1, where base64-encoded credentials could be exposed in build logs. The vulnerability is described across multiple sources (NVD entry, Red Hat, CNVD/CNNVD mirrors, Tenable Nessus plugin, PT-SECURITY advisory) with an impact on confidentia...
CVE-2025-46432
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs...
Backdoor.Win32.Agent.aak Hardcoded Credentials
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...
PT-2021-19235 · 1C · 1C:Enterprise
Name of the Vulnerable Software and Affected Versions: 1C:Enterprise 8 versions prior to 8.3.17.1851 Description: The issue concerns the Web server in 1C:Enterprise 8, which sends base64 encoded credentials in the creds URL parameter. Recommendations: For versions prior to 8.3.17.1851, update to...
h1-ctf: [H1-2006 2020] Bounty Pay CTF challenge
H1-2006 2020 Bounty Pay CTF challenge Hi there! This is my H1-2006 CTF writeup submission. First of all, thanks for the great challenge! This was my first H1 CTF that I played. I really enjoyed doing it and I learned new things solving this challenge. In my case, it was the demonstration that I...
Avaya IP Office 11 Insecure Transit / Password Disclosure Vulnerability
Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account Vulnerability
Exploit for hardware platform in category web applications Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...
CVE-2019-12310
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...