Lucene search
K

5 matches found

Snyk
Snyk
added 2026/01/08 10:45 a.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials during the cross-protocol redirect when OAuth2 bearer is used and username component is set in redirect-to URL. An attacker can obtain sensitive authentication credentials by triggering a...

6.5CVSS6.6AI score0.00611EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.8 views

CVE-2025-34428

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local...

8.4CVSS6.2AI score0.00105EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/02/08 12:0 a.m.32 views

CVE-2013-0249

Stack-based buffer overflow in the Curlsaslcreatedigestmd5message function in lib/curlsasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long string...

7.5CVSS7.5AI score0.22913EPSS
Exploits6References4
OSV
OSV
added 2012/01/24 8:0 a.m.11 views

CURL-CVE-2012-0036 URL sanitization vulnerability

curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. When parsing URLs, libcurl's parser is liberal and only parses as little as possible and lets as much as possible through as long as it can figure out what to do. In...

7.5CVSS6.6AI score0.16723EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2012/01/24 12:0 a.m.30 views

CVE-2012-0036

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the 1 IMAP, 2 POP3, or 3 SMTP protocol...

7.5CVSS6.9AI score0.16723EPSS
Exploits0References3
Rows per page
Query Builder