Lucene search
K

16 matches found

EUVD
EUVD
added 2025/11/20 3:30 p.m.5 views

EUVD-2025-198271

@perfood/couch-auth may expose session tokens, passwords...

6.5CVSS6.4AI score0.00186EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.3 views

CouchAuth 安全漏洞

CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...

6.5CVSS6.4AI score0.00186EPSS
Exploits0References4
NVD
NVD
added 2025/09/07 1:15 a.m.4 views

CVE-2025-36100

IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local...

5.5CVSS0.00094EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/07 12:0 a.m.9 views

The vulnerability of the Cadence Verisium Manager plugin for Jenkins, related to the storage of passwords in an open manner, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Cadence Verisium Manager plugin for the Jenkins automation server lies in the storage of passwords in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

4.3CVSS5.4AI score0.00302EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/02 12:0 a.m.7 views

The vulnerability of the Knowledge Space integrated planning platform, related to the storage of passwords in an open manner, allows attackers to disclose the protected information.

The vulnerability of the Knowledge Space integrated planning platform lies in the storage of passwords in an open manner. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

6.8CVSS5.4AI score
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/26 7:37 a.m.11 views

CVE-2024-29146

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

5.9CVSS6.7AI score0.00853EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/03/14 12:0 a.m.6 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in the storage of passwords in a recoverable format, which allows an attacker to disclose the protected information.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the storage of passwords in a recoverable format. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected information...

6.1CVSS5.5AI score0.0023EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/02/13 2:21 a.m.24 views

CVE-2022-43460

Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted...

7.5CVSS7.5AI score0.00536EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/24 12:0 a.m.67 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...

9.8CVSS6.5AI score0.01314EPSS
Exploits0References39
OSV
OSV
added 2022/10/25 9:15 p.m.4 views

CVE-2022-28170

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file...

6.5CVSS7.1AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:33 p.m.20 views

GHSA-485Q-V457-3P58 Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS6.4AI score0.01032EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/15 5:15 p.m.7 views

CVE-2022-27217

Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.5CVSS5.9AI score0.00912EPSS
Exploits0References3
Prion
Prion
added 2021/08/03 7:15 p.m.20 views

Default credentials

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the...

4CVSS5AI score0.00568EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2021/02/10 7:15 p.m.21 views

CVE-2021-27178

An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram...

7.5CVSS0.1818EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2009/07/04 12:0 a.m.21 views

Linux/x86 - Disable Shadowing Shellcode (42 bytes)

Linux/x86 - Disable Shadowing Shellcode 42 bytes. Shellcode exploit for Linuxx86 platform include const char sc= "\x31\xdb" //xor ebx,ebx "\x8d\x43\x17" //LEA eax,ebx + 0x17 /LEA is FASTER than push and pop! "\x99" //cdq "\xcd\x80" //int 80 //setuid0 shouldn't returns -1 right? ; "\xb0\x0b" //mov...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2003/03/09 12:0 a.m.46 views

SimpleBBS 1.0.6 Default Permissions Vuln

SimpleBBS 1.0.6 Security Problem: User database stored in a php file that's readable by anyone. http://www.tareget.com/simplebbs/users/users.php Passwords are md5'ed, but user data is not. The vendor was notified and has released updates. FluRDoInG [email protected] http://www.flurnet.org KEY ID...

0.5AI score
Exploits0
Rows per page
Query Builder