Lucene search
K

18 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 9:49 p.m.16 views

rpassword affected by partial password reveal when input is interrupted

rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...

5.7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 9:49 p.m.15 views

GHSA-2P6R-X3VV-XQM2 rpassword affected by partial password reveal when input is interrupted

rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...

3.8CVSS5.7AI score
Exploits0References3
EUVD
EUVD
added 2026/02/03 4:52 p.m.8 views

EUVD-2020-30979

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8CVSS5.5AI score0.00415EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/15 12:19 p.m.7 views

CVE-2025-13175

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...

5.1CVSS6.9AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 8:30 p.m.11 views

EUVD-2025-131955

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...

3.8CVSS5.9AI score0.00138EPSS
Exploits0References4
Amazon
Amazon
added 2021/01/07 12:0 a.m.89 views

Important: thunderbird

Issue Overview: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timi...

9.3CVSS9.1AI score0.0245EPSS
Exploits1
CVE
CVE
added 2020/12/09 12:24 a.m.329 views

CVE-2020-26965

CVE-2020-26965 is a browser/password-input issue affecting Firefox (including ESR) versions older than 83/78.5 and Thunderbird older than 78.5. The problem arises when a user’s password is revealed via a “Show Password” control, and, in conjunction with a software keyboard that remembers input, t...

6.5CVSS6.8AI score0.01236EPSS
Exploits0References4Affected Software3
RedHat Linux
RedHat Linux
added 2020/11/30 8:37 a.m.5 views

Mozilla: Software keyboards may have remembered typed passwords

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...

6.5CVSS7.3AI score0.01236EPSS
Exploits0References5
Mozilla
Mozilla
added 2020/11/17 12:0 a.m.154 views

Security Vulnerabilities fixed in Thunderbird 78.5 — Mozilla

A parsing and event loading mismatch in Thunderbird's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. When drawing a...

9.3CVSS9.1AI score0.0245EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2019/09/23 4:37 p.m.96 views

CVE-2019-15635

CVE-2019-15635 affects Grafana 5.4.0: passwords for data sources (e.g., MySQL) are stored unencrypted and can be exposed. An admin can reveal these credentials by using the Save and test button in a data source’s settings, watching the traffic, or using the browser’s Show password option. The con...

4.9CVSS5AI score0.01609EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/03/25 5:50 p.m.24 views

CVE-2017-7510

In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface...

8.8AI score0.01036EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/06/26 12:0 a.m.11 views

Microsoft Windows: Do not display the password reveal button

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winpasswordreveal.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Do not display the password reveal button Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/11/05 12:25 a.m.26 views

Asterisk Password Spy v3.1 - Windows Asterisk Password Recovery Tool

Asterisk Password Spy is the FREE tool to instantly reveal the hidden password behind asterisks . It's user friendly interface can help you to easily find the passwords from any Windows based application.You can simply drag the 'search icon' to any password box to find the real password hidden by...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2008/09/10 12:0 a.m.27 views

Microworld Mailscan 5.6.a Password Reveal Exploit

No description provided by source. / ---------------------------------------------------------------------------------------------- / / / \ \ / / / / / / \ | / / / / / // // / / |/ / //////|/ 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email: [email protected]...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/09/09 12:0 a.m.17 views

Microworld Mailscan 5.6.a - Password Reveal

Microworld Mailscan 5.6.a - Password Reveal / ---------------------------------------------------------------------------------------------- / / / \ \ / / / / / / \ | / / / / / // // / / |/ / //////|/ 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email:...

7.4AI score
Exploits0
0day.today
0day.today
added 2008/09/09 12:0 a.m.20 views

Microworld Mailscan 5.6.a Password Reveal Exploit

Exploit for unknown platform in category remote exploits ================================================= Microworld Mailscan 5.6.a Password Reveal Exploit ================================================= /...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/09/09 12:0 a.m.30 views

Microworld Mailscan 5.6.a - Password Reveal

/ ---------------------------------------------------------------------------------------------- / / / \ \ / / / / / / \ | / / / / / // // / / |/ / //////|/ 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email: [email protected] Website:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2000/02/10 12:0 a.m.89 views

kppp-1.6.14.txt

here exists a bug in kppp 1.6.14 where a local user dialing up into the internet can copy the stars in the password box and put them into an xterm where the stars will be unrevealed and that password will be shown. seeya rarez...

7.4AI score
Exploits0
Rows per page
Query Builder