CVE-2015-0902

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

All in One SEO Pack <= 2.2.5.1 - Information Disclosure

The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code...

Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)

This module requires Metasploit Date: 25-09-2013 Author: Pablo González Vendor Homepage: Zabbix - http://www.zabbix.com Software Link: http://www.zabbix.com Version: 2.0.5 Tested On: Linux Ubuntu, Suse, CentOS CVE: CVE-2013-5572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5572 More Inf...

Design/Logic Flaw

Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019...

CVE-2014-8007

Cisco Prime Infrastructure is affected by a vulnerability where the Quick Discovery options page HTML source contains stored device-discovery passwords. Exploitation requires authenticated access, enabling an attacker to view passwords through normal page inspection. The issue is described in Cis...

CVE-2014-4311

Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the 1 Database Connection and 2 E-mail Connection passwords by reading HTML source code of the database connection and email settings page...

Code injection

Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the 1 Database Connection and 2 E-mail Connection passwords by reading HTML source code of the database connection and email settings page...

CVE-2014-4311

Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the 1 Database Connection and 2 E-mail Connection passwords by reading HTML source code of the database connection and email settings page...

CVE-2014-2061

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

Input validation

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...

Code injection

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...

IBM Sametime Meet Server 8.5 Password Disclosure

Exploit Title: IBM Sametime Meet Server 8.5 Password Disclosure Google Dork: intitle:"Meeting Center - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:L/AC:L/Au:N/C:P/I:N/A:N CVE-ID:...

CVE-2014-4747

The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser...

CVE-2014-4747

IBM Sametime Classic Meeting Server 8.x up to 8.5.2.1 is affected by CVE-2014-4747, where a physically proximate attacker can read the HTML source in a victim’s browser to discover a meeting password hash. The vulnerability is described as a local issue arising from access to an unattended workst...

CVE-2014-4747

The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser...

CVE-2014-2366

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...

Code injection

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...

CVE-2014-2366

CVE-2014-2366 affects Advantech WebAccess prior to 7.2, where upAdminPg.asp can disclose credentials to remote authenticated users by exposing them in the HTML source. Evidence from NVD/NIST and multiple advisories confirms the vulnerable component and the credential disclosure flaw, with a high ...