40 matches found
CVE-2026-43875
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...
CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2026-31846
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2025-58107
In Microsoft Exchange through 2019, Exchange ActiveSync EAS configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password...
CVE-2025-58107
In Microsoft Exchange through 2019, Exchange ActiveSync EAS configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password...
CVE-2025-58107
In Microsoft Exchange through 2019, Exchange ActiveSync EAS configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password...
CVE-2026-27520 Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...
CVE-2025-31139
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...
CVE-2025-31139
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log...
CVE-2025-31139
JetBrains TeamCity prior to 2025.03 exposes base64 encoded passwords in build logs (CVE-2025-31139). Affects JetBrains TeamCity (CI/CD server); vulnerability arises from passwords being logged in base64 form. Impact: potential credential exposure. Mitigation: upgrade to version 2025.03 or later o...
PLANET switch devices 加密问题漏洞
PLANET switch devices are a series of switch devices from PLANET Corporation in China. PLANET switch devices suffers from an encryption issue vulnerability, which arises from the authentication token used when communicating with the swctrl service as an encoded user password, which is not strong...
Design/Logic Flaw
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...
CVE-2019-15806
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...
Authentication flaw
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...
Authentication flaw
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...
CVE-2019-15806
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basicsett.html. Any user connected to the Wi-Fi can exploit this...
Default credentials
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain depending on the modules configured the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the...
360 Wireless IP Camera is vulnerable
360 Wireless IP Camera is a webcam product from China's Qihoo 360 Qihu 360. A security vulnerability exists in 360 Wireless IP Camera. The vulnerability can be exploited by a remote attacker to obtain weakly encoded administrator information by connecting to TCP port 9527 and reading the password...