16 matches found
CVE-2024-10718 Cookie without Secure attribute in phpipam/phpipam
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0...
Information Disclosure
github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability exists because the library stores sensitive plaintext information directly on Kubernetes Cluster objects, which allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to gain...
Unisys Cargo Mobile Information Disclosure Vulnerability
Unisys Cargo Mobile is a shipping solution from Unisys, Inc. An information disclosure vulnerability exists in the Unisys Cargo Mobile Application prior to 1.2.29. The vulnerability stems from the use of plaintext storage of sensitive information, which could be exploited by an attacker to obtain...
GitLab Information Disclosure Vulnerability (CNVD-2021-26078)
GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list, etc. Git is a free, open source distributed version control system. GitLab suffer...
Information Disclosure
Apache ZooKeeper is affected by unauthorized information disclosure. The getACL command does not check permissions when retrieving the ACLs of the requested node. Consequently, plaintext information contained in the ACL Id field is returned. This allows an attacker to retrieve users' Id and...
Buffer overflow
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller ADC 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10....
CVE-2019-6485
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller ADC 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10....
CVE-2018-5261
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication...
CVE-2018-5261
Flexense DiskBoss 8.8.16 and earlier has a vulnerability where plaintext data from the handshake is used as input for the encryption key for the rest of the session, allowing a man-in-the-middle to access sensitive information such as authentication credentials. Source reports include NVD and CNV...
655,000 Healthcare Records Being Sold on Dark Web
A hacker selling upwards of 655,000 healthcare records on the dark web allegedly obtained them after exploiting a vulnerability in how companies implement remote desktop protocol, or RDP, functionality. The hacker, who goes by the handle “thedarkoverlord,” allegedly penetrated three healthcare...
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
Security Advisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the...
CVE-2014-3566 SSLv3 POODLE principle analysis - vulnerability warning - the black bar safety net
0x00 Background: The POODLE attack is a padding oracle attack against the CBC-mode encryption in SSLv3. It is much like the earlier BEAST attack and can allow an attacker to obtain part of the plaintext of an SSL communication, such as cookies. And the BEAST is...
F-Secure Key Plaintext Information Disclosure (Mac OS X)
The version of F-Secure Key installed on the remote Mac OS X host is older than 1.5.146. It is, therefore, affected by an unspecified error that could allow a local attacker to dump the contents of memory and obtain sensitive plaintext information. © Tenable Network Security, Inc...
eBay Password Database Hack Raises Questions
As is the case with most high-profile data breaches, despite an initial disclosure of information, more questions are inevitable. The eBay password database hack is a prime example. Inquiring minds still want to know more about how the stolen passwords are secured and why the online auction house...
IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities
IBM WebSphere Application Server 6.0.x before Fix Pack 25 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities. - An unspecified vulnerability in the Administrative Console involving monitor role users. PK45768 - WebSphere Application Server...
CVE-2005-0517
PeerFTP5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges...