167 matches found
Information disclosure
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows a logged-in admin user to view the SNMPv3 user password in cleartext in the web UI via the HTML source code...
CVE-2017-7737
CVE-2017-7737 affects Fortinet FortiWeb 5.8.2 and earlier. The issue is an information disclosure where a logged-in admin can view the SNMPv3 user password in cleartext via the web UI HTML source code. The root cause is exposure of sensitive password data in the HTML, enabling disclosure without ...
Information Disclosure
Moodle is vulnerable to information disclosure attacks. Authenticated users can leverage a flaw in mod/lesson/pagetypes/matching.php to obtain question answers through ID values by reading the HTML source code...
Default credentials
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response...
CVE-2017-9557
CVE-2017-9557 affects EFS Software Easy Chat Server (versions 2.0–3.1). The issue allows remote attackers to obtain user passwords by sending a crafted request containing the username parameter together with an empty password parameter, then reading the HTML source of the response. This is an info...
Authentication flaw
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...
CVE-2017-6558
Code injection
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703...
CVE-2015-7248
CVE-2015-7248 affects ZTE ZXHN H108N R1A and ZXV10 W300 routers. The vulnerability enables information exposure by allowing remote attackers to read the cgi-bin/webproc HTML source and obtain usernames and password hashes. This is a separate issue from CVE-2015-8703. Public sources in the connect...
CVE-2015-6474
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...
Code injection
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...
CVE-2015-6474
The CVE-2015-6474 entry concerns IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ where an attacker can discover cleartext passwords by viewing the HTML source of web pages. Affected products are web-based SCADA systems; the root cause is improper handling/storage of credentials leading to exposur...
CVE-2015-4214
Cisco Unified MeetingPlace 8.61.2 and 8.61.9 allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050...
Code injection
Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...
CVE-2015-3949
CVE-2015-0902
The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...