Design/Logic Flaw

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 2.00AAKK.3 devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin...

CVE-2018-13378

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...

CVE-2018-13378

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...

CVE-2018-13378

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...

FortiSIEM LDAP server password reflected in admin portal

An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...

CVE-2018-18941

In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is...

CVE-2018-18941

In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is...

Vignette Content Management 6 Security Bypass Vulnerability

Exploit for php platform in category web applications 0day.today 2018-11-12...

Vignette Content Management 6 Security Bypass

...

Code injection

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

Design/Logic Flaw

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...

CVE-2018-9031

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "ifpwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side...

Code injection

Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and pskwepkey fields...

CVE-2017-17463

Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and pskwepkey fields...

CVE-2017-17463

CVE-2017-17463 affects Vivo modems. The vulnerability allows remote attackers to disclose sensitive information by reading the index.cgi?page=wifi HTML source code, with examples including ssid and psk_wepkey fields. Exploitation status, affected models/versions, root cause specifics, and remedia...

CVE-2017-14941

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...

CVE-2017-14941

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...

Design/Logic Flaw

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...

CVE-2017-14941

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...