16 matches found
PT-2026-32969
Name of the Vulnerable Software and Affected Versions SpiceDB versions 1.49.0 through 1.51.0 Description When the system starts with the log level set to info, the startup 'configuration' log exposes the full datastore DSN, including the plaintext password, within the DatastoreConfig.URI variable...
EUVD-2025-19753
Malicious code in bioql PyPI...
CVE-2025-40752
CVE-2025-40752 affects Siemens POWER METER SICAM Q100/Q200 (Q100 variants 2.60–2.61/2.60–2.61 for certain SKUs) and SICAM Q200 (2.70–2.79) where SMTP password is stored in cleartext. This allows an authenticated local attacker to read the SMTP credentials from the device configuration and abuse t...
CVE-2025-34078 NSClient++ 0.5.2.35 Local Privilege Escalation via ExternalScripts and Web Interface
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...
CVE-2002-1939
FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties...
CVE-2024-9418
In version 0.0.14 of transformeroptimus/superagi, the API endpoint /api/users/get/id returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover...
DEBIAN-CVE-2024-23091
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values...
CVE-2023-22389
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–Backup Settings, which could be read by any user accessing the file...
CVE-2022-48071
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext...
UBUNTU-CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required...
CVE-2013-7033
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.1 update
JBoss Enterprise SOA Platform 5.3.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS...
RHEL 5 / 6 : Red Hat Network Proxy spacewalk-backend (RHSA-2012:0102)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0102 advisory. Red Hat Network RHN Proxy provides a mechanism for caching content, such as package updates from Red Hat or custom content created for an...
Akiva WebBoard 8. x SQL injection flaws and fixes-vulnerability warning-the black bar safety net
Title: Akiva Webboard 8. x SQL Injection + Plaintext Passwords in Profiles. Author: Alexander Fuchs www.2cto.com Download address: http://www.akiva.com/default.asp?l=1&id=8 Affected versions: 8. x Test platform: Windows, Linux. It is possible to login as administrator with admin'-- as the usernam...
CVE-2000-0957
The pluggable authentication module for mysql pammysql before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes...
rconsole.passwd.netware.txt
Date: Tue, 6 Oct 1998 02:36:11 -0500 From: Simple Nomad To: [email protected] Subject: NMRC Advisory - "Decryption" of the RCONSOLE Password Jeez I swear we'd be this productive all the time of fully funded. Anyway this makes up for the last one's lameness. -SN Nomad Mobile Research Centre A D...