167 matches found
EUVD-2015-6415
Malware in sbrugna...
EUVD-2023-30916
Malicious code in bioql PyPI...
EUVD-2022-36050
Malicious code in bioql PyPI...
CVE-2024-26270
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password...
CVE-2023-27132
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...
CVE-2022-32984
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the...
CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the defwirelesspassword line in the HTML source code...
CVE-2020-9013
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...
CVE-2020-6170
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...
CVE-2017-17463
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and pskwepkey fields...
CVE-2019-15653
Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real...
Dell 2335dn printer Weak Password Requirements (CVE-2018-15748)
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting
Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...
CVE-2024-31840
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current...
CVE-2024-31840
The CVE-2024-31840 entry concerns Italtel Embrace 1.6.4. The vulnerability is that the web application inserts cleartext email account passwords into the HTML source. An authenticated user can access the edit function for the email server configuration, and the edit form is pre-filled with the cu...
BIT-GITLAB-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
BIT-GRAFANA-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
Default credentials
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...
CVE-2023-27132
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...
CVE-2023-27132
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...