76 matches found
CVE-2020-11826
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
Default credentials
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY...
CVE-2020-11826
The CVE-2020-11826 entry affects Memono version 3.8, where notes locked with a password are stored in plaintext in the memono.sqlite database. Specifically, notes reside in the ZENTITY table and can be read without knowing the password, indicating a data exposure due to lack of encryption. The co...
ALPINE-CVE-2019-16062
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data...
A Plan to Stop Breaches With Dead Simple Database Encryption
Database giant MongoDB has a new encryption scheme that should help slow the scourge of breaches...
Soroush IM Desktop App 0.17.0 - Authentication Bypass
Exploit Title: Soroush IM Desktop App 0.17.0 - Authentication Bypass Date: 2018-08-08 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: http://54.36.43.176/SoroushSetup0.17.0.exe Version: 0.17.0 BETA Tested on: Windows 10 1803 and windows server 2016 14393 Securi...
CVE-2018-11242
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases locally stored are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files...
CVE-2018-11242
CVE-2018-11242 affects the MakeMyTrip Android app (v7.2.4). Local SQLite databases (data/com.makemytrip/databases and data/com.makemytrip/cache) are stored in cleartext and not encrypted, enabling potential sensitive data disclosure. Public PoCs describe access after rooting and unauthorized retr...
CVE-2017-15546
CVE-2017-15546 affects EMC RSA Authentication Manager 8.2 SP1 P6 and earlier. The vulnerability is a blind SQL injection in the Security Console that allows authenticated users to read unencrypted data from the database. Connected sources identify affected versions up to 8.2 SP1 Patch 7 (8.2.1.7)...
CVE-2016-6150
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550...
Magento E-Commerce Platform Magmi Plugin Information Disclosure
An information disclosure vulnerability has been discovered in Magento e-commerce platform Magmi Plugin. Successful exploitation results in access to Magento site credentials and database encryption key...
openSUSE Security Update : almanah (openSUSE-SU-2013:0532-1)
Almanah was updated to encrypt the database when the application closes. bgo695117, bnc809140, CVE-2013-1853. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-241. The text...
CVE-2013-1853
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database...
CVE-2013-1853
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database...
CVE-2013-1853
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database...
Information disclosure
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database...
CVE-2013-1853
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database...
CVE-2013-1853
The CVE-2013-1853 issue affects Almanah Diary
Hardcoded credentials
Cisco Unified Communications Manager CUCM 7.1x through 9.12 and the IM & Presence Service in Cisco Unified Presence Server through 9.12 use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat...
CVE-2013-4869
Cisco Unified Communications Manager (CUCM) versions 7.1.x–9.1(2) and the IM & Presence Service in Cisco Unified Presence Server up to 9.1(2) share the same CTI and database-encryption key across different customer installations. This creates a cryptographic risk where context-dependent attackers...