CVE-2024-3622

A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a...

CVE-2023-46741 CubeFS leaks magic secret key when starting Blobstore access service

CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys...

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

PrivateTunnel Client 2.7.0 (x64) Local Credential Disclosure

PrivateTunnel Client v2.7.0 x64 Local Credentials Disclosure After Sign out Exploit Tested on Windows Windows 7 64bit, English Vendor Homepage @ https://www.privatetunnel.com Date 14/09/2016 Bug Discovery by: Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Viktor Min...

PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure

PrivateTunnel Client v2.7.0 x64 Local Credentials Disclosure After Sign out Exploit Tested on Windows Windows 7 64bit, English Vendor Homepage @ https://www.privatetunnel.com Date 14/09/2016 Bug Discovery by: Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Viktor Min...

LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure

LogMeIn Client v1.3.2462 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://secure.logmein.com/home/en Date 06/09/2016 Bug Discovery by: Alexander Korznikov https://www.linkedin.com/in/nopernik http://korznikov.com/ Viktor Minin...

Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure

Dropbox Desktop Client v9.4.49 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.dropbox.com Date 06/09/2016 Bug Discovery by: Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Viktor Minin...

MySQL 5.5.45 (x64) - Local Credentials Disclosure

MySQL 5.5.45 x64 - Local Credentials Disclosure MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman...

MySQL 5.5.45 (x64) - Local Credentials Disclosure

MySQL 5.5.45 64bit Local Credentials Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.mysql.com Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman http://www.black-rose.ml Special Thanks & Greetings to friend of...

Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure

Exploit for windows platform in category local exploits Navicat Premium 11.2.11 64bit Local Password Disclosure Tested on Windows Windows Server 2012 R2 64bit, English Vendor Homepage @ https://www.navicat.com/ Date 05/09/2016 Bug Discovered by Yakir Wizman https://www.linkedin.com/in/yakirwizman...

EZ Publish 2.2.7/3.0 site.ini Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7347/info eZ Publish has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying site.ini configuration file. The file contains eZ Publish...

Snapstream PVS 1.2 Plaintext Password Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3101/info Snapstream Personal Video Station is an application for Microsoft Windows which allows users to record video output on their PC and view it at a later time, locally or via an HTTP interface. The Snapstream PVS w...

Web Wiz Site News 3.6 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7341/info Web Wiz Site News has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Site News...

Web Wiz Forum 6.34 - Information Disclosure

source: https://www.securityfocus.com/bid/7380/info Web Wiz Forum has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Forum application. Sensitive information that is...

EZ Publish 2.2.7/3.0 - site.ini Information Disclosure

source: https://www.securityfocus.com/bid/7347/info eZ Publish has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying site.ini configuration file. The file contains eZ Publish administration credentials stored in...