CVE-2019-15805

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...

CVE-2025-31139

JetBrains TeamCity prior to 2025.03 exposes base64 encoded passwords in build logs (CVE-2025-31139). Affects JetBrains TeamCity (CI/CD server); vulnerability arises from passwords being logged in base64 form. Impact: potential credential exposure. Mitigation: upgrade to version 2025.03 or later o...

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...

CVE-2019-15806

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

CVE-2019-15805

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

Authentication flaw

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...

Authentication flaw

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

CVE-2019-15806

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...

Default credentials

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain depending on the modules configured the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the...

Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure Vulnerability

Lexmark Scan to Network SNF printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability. Summary ======= 1. Information exposure of network credentials in embedded printer application CVE-2017-13771 Vendor ====== "Lexmark creates innovative imaging solutions and...

Debian DLA-408-1 : gosa security update

GOsa is a combination of system-administrator and end-user web interface, designed to handle LDAP based setups. GOsa upstream reported a code injection vulnerability in the Samba plugin code of GOsa. During Samba password changes it has been possible to inject malicious Perl code. This upload to...

ettercap: multiple issues

CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...

Updated ettercap packages fix security vulnerabilities

Updated ettercap package fixes security vulnerabilities: Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value...

Cisco DPC2420 - Multiples Vulnerabilities

Cisco DPC2420 - Multiples Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] =20 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router.=20 Firmware:...

Cisco DPC2420 Cross Site Scripting / File Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router. Firmware: D2425-P10-13-v202r12811-110511as-TRO.bin Software:...

CVE-2007-5777

Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb...

Improper access control

Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb...

CVE-2007-5777

Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb...

ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal)

The remote host is running ELOG Web Logbook, a free webinterface logbook. According to its banner, the version of ELOG Web Logbook installed on the remote host contains a buffer overflow that can be triggered when handing attachment with names longer than 256 characters to execute code on the...