16 matches found
EUVD-2025-198271
@perfood/couch-auth may expose session tokens, passwords...
CouchAuth 安全漏洞
CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...
CVE-2025-36100
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local...
The vulnerability of the Cadence Verisium Manager plugin for Jenkins, related to the storage of passwords in an open manner, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Cadence Verisium Manager plugin for the Jenkins automation server lies in the storage of passwords in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Knowledge Space integrated planning platform, related to the storage of passwords in an open manner, allows attackers to disclose the protected information.
The vulnerability of the Knowledge Space integrated planning platform lies in the storage of passwords in an open manner. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
CVE-2024-29146
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in the storage of passwords in a recoverable format, which allows an attacker to disclose the protected information.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the storage of passwords in a recoverable format. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected information...
CVE-2022-43460
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...
CVE-2022-28170
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file...
GHSA-485Q-V457-3P58 Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-27217
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Default credentials
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the...
CVE-2021-27178
An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram...
Linux/x86 - Disable Shadowing Shellcode (42 bytes)
Linux/x86 - Disable Shadowing Shellcode 42 bytes. Shellcode exploit for Linuxx86 platform include const char sc= "\x31\xdb" //xor ebx,ebx "\x8d\x43\x17" //LEA eax,ebx + 0x17 /LEA is FASTER than push and pop! "\x99" //cdq "\xcd\x80" //int 80 //setuid0 shouldn't returns -1 right? ; "\xb0\x0b" //mov...
SimpleBBS 1.0.6 Default Permissions Vuln
SimpleBBS 1.0.6 Security Problem: User database stored in a php file that's readable by anyone. http://www.tareget.com/simplebbs/users/users.php Passwords are md5'ed, but user data is not. The vendor was notified and has released updates. FluRDoInG [email protected] http://www.flurnet.org KEY ID...