13 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-0925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting...
CVE-2025-41647
CVE-2025-41647 affects Lenze PLC Designer V4. A local, low-privilege attacker can learn the password of the connected controller because the software incorrectly displays the password in plaintext under special conditions. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE r...
CVE-2020-10710
CVE-2020-10710 affects Red Hat Satellite components (Candlepin) where the plaintext Candlepin password can be disclosed during updates via the satellite-installer. The flaw enables an attacker with sufficiently high privileges (e.g., root) to retrieve the Candlepin plaintext password, with confid...
CVE-2019-3893
It was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "deletecomputeresource" permission can use this flaw to take control over compu...
Schneider Electric Pelco Sarix Professional 1st generation cameras authentication password disclosure vulnerability
Schneider Electric Pelco Sarix Professional 1st generation cameras is an IP camera device from Schneider Electric France. A security vulnerability exists in Schneider Electric Pelco Sarix Professional 1st generation cameras using firmware versions prior to 3.29.69. The vulnerability can be...
Sophos Endpoint Protection Plaintext Password Disclosure Vulnerability
Sophos Endpoint Protection helps protect your workstation by adding prevention, detection and response technologies to your operating system. A plaintext password disclosure vulnerability exists in Sophos Endpoint Protection 10.7. The vulnerability arises because Sophos Endpoint Protection uses...
CVE-2017-0925
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password...
MapInfo Discovery 1.0/1.1 - Remote Log File Access Information Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10927/info Multiple remote vulnerabilities are reported in MapInfo Discovery. The first issue is reported to be an information disclosure vulnerability. An attacker may gain access to potentially sensitive error log...
RHEL 6 : 389-ds-base (RHSA-2012:0997)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0997 advisory. - rhds/389: plaintext password disclosure flaw CVE-2012-2678 - rhds/389: plaintext password disclosure in audit log CVE-2012-2746 Note that...
kayakoBad.txt
GulfTech Security Research July 30th, 2005 Vendor : Kayako Web Solutions URL : http://www.kayako.com/ Version : Kayako liveResponse v2.x Risk : Multiple Vulnerabilities Description: Kayako liveResponse is a web based application aimed at providing live support for websites and businesses. There a...
eLDAPo index.php Plaintext Password Disclosure
The remote host is hosting eLDAPo, a PHP-based CGI suite designed to perform LDAP queries. This application stores the passwords to the LDAP server in plaintext in its source file. An attacker can read the source code of index.php and use the information contained to gain credentials on a...
BlackMoon FTP Server blackmoon.mdb Plaintext Password Disclosure
BlackMoon FTP server is installed on the remote host. FTP usernames and passwords are stored on the server in plaintext in a filed called 'blackmoon.mdb.' Any user with an account on this host may read the credentials stored in this file, and use them to connect to this FTP server. C Tenable...
CesarFTP settings.ini Authentication Credential Plaintext Disclosure
The remote host is running CesarFTP. Due to a design flaw in the program, the plaintext usernames and passwords of FTP users are stored in the file 'settings.ini'. Any user with an account on this host may read this file and use the password to connect to this FTP server. C Tenable Network...