152 matches found
CVE-2024-45673
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user...
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-46433
A default credentials vulnerability in Tenda W18E V16.01.0.81625 allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges...
CVE-2024-20412
A vulnerability in Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded...
CVE-2024-50692
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT...
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the...
CVE-2024-51555 Force Change of Default Credentials
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02...
MGASA-2024-0378 Updated wget packages fix security vulnerability
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524...
CVE-2024-43812
The CVE-2024-43812 issue affects Kieback&Peter DDC4000 series controllers (e.g., DDC4002, DDC4100, DDC4200, DDC4400, and their “e” variants) and is caused by insufficiently protected credentials that may allow an unauthenticated attacker with access to /etc/passwd to read password hashes. The vul...
CVE-2024-44000 WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...
Jenkins Plugin Credentials 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software plugin ... A security...
CVE-2024-4188
CVE-2024-4188 concerns an unprotected transport of credentials in OpenText Documentum Server, affecting 16.7–23.4. The root cause is unprotected credential transmission, enabling credential stuffing scenarios as described across multiple sources. The connected PT-2024-29610 entry confirms affecte...
CVE-2024-41689 Hard-coded Credentials Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext WP...
Gallagher Command Centre security breach
Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre that stems from inadequate protection of credentials...
CVE-2024-1344 Encrypted database credentials in LaborOfficeFree
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOFservice.exe' and 'LaborOfficeFree.exe' located in the '%programfilesx86%\LaborOfficeFree' directory. This user ca...
Information disclosure
Insufficiently protected credentials in some IntelR Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access...
CVE-2023-23370
The CVE-2023-23370 issue affects QVPN Device Client (Windows) with the root cause being insufficient protection of credentials. Versions prior to 2.1.0.0518 are vulnerable; exploitation could allow local authenticated administrators to gain access to user accounts and sensitive data via unspecifi...
CVE-2023-23370 QVPN Device Client
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...
CVE-2022-45859
An insufficiently protected credentials vulnerability CWE-522 in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords...
PT-2023-2754 · Fortinet · Fortinac-F +1
Name of the Vulnerable Software and Affected Versions: FortiNAC versions 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0, 8.7.0 FortiNAC-F version 7.2.0 Description: The issue is related to insufficient protection of registration data when handling the /etc/shadow password file, which ma...