Lucene search
K

323 matches found

Cisco
Cisco
added 2017/06/07 4:0 p.m.39 views

Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the...

6.1CVSS6.4AI score0.01203EPSS
Exploits0References1
Veracode
Veracode
added 2017/04/28 3:27 a.m.22 views

Information Disclosure

salt is vulnerable to an information disclosure vulnerability. The library mirrors the file permissions on the salt-master when setting up its temporary file location for the local cache. This can allow a malicious local user to access sensitive credentials...

7.8CVSS8.4AI score0.00434EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2016/11/14 3:58 p.m.43 views

Udemy: Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com

Howdy, @udemy! Summary: ======= I am writing to inform you of a critical information disclosure bug via an exposed Jenkins dashboard located at https://jenkins101.udemy.com. Upon navigating to this address, I was asked to authenticate with my Github account. After authenticating, I was surprised ...

6.7AI score
Exploits0
NVD
NVD
added 2016/07/12 7:59 p.m.23 views

CVE-2016-5774

The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters...

8.1CVSS7.9AI score0.01114EPSS
Exploits0References2
Prion
Prion
added 2016/07/12 7:59 p.m.13 views

Design/Logic Flaw

The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters...

4.3CVSS6.8AI score0.01114EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/07/12 7:0 p.m.41 views

CVE-2016-5774

CVE-2016-5774 affects Blue Coat PacketShaper S-Series: the HTTPS server in 11.5.x before 11.5.3.2 uses insecure cryptographic parameters, enabling a remote attacker to obtain credentials and other sensitive information via management interfaces. Affected product: PacketShaper S-Series 11.5.x (bef...

8.1CVSS7.8AI score0.01114EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2016/07/04 4:59 p.m.13 views

CVE-2016-0899

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files...

6.3CVSS6AI score0.0083EPSS
Exploits0References2
Prion
Prion
added 2016/07/04 4:59 p.m.15 views

Design/Logic Flaw

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files...

3.5CVSS6.5AI score0.0083EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/12/15 2:0 a.m.20 views

CVE-2015-6404

Cisco Hosted Collaboration Mediation Fulfillment 10.63 does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374...

5.9AI score0.00955EPSS
Exploits0References2
Prion
Prion
added 2015/05/29 3:59 p.m.16 views

Security feature bypass

The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the 1 getBackupPolicy or 2 getBackupPolicies method...

7.8CVSS6.9AI score0.04431EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2015/05/29 3:0 p.m.51 views

CVE-2015-4069

Arcserve UDP has a credential information-disclosure vulnerability in the EdgeServiceImpl Web service. In versions prior to 5.0 Update 4, remote attackers can exploit crafted SOAP requests to getBackupPolicy or getBackupPolicies to obtain sensitive credentials. The issue arises from insufficient ...

7.8CVSS6.5AI score0.04431EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/05/29 3:0 p.m.21 views

CVE-2015-4069

The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the 1 getBackupPolicy or 2 getBackupPolicies method...

6.3AI score0.04431EPSS
Exploits0References4
NVD
NVD
added 2015/02/16 2:59 a.m.16 views

CVE-2015-1608

Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...

4CVSS6.1AI score0.01324EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/02/16 2:0 a.m.18 views

CVE-2015-1608

Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...

6.1AI score0.01324EPSS
Exploits0References3
CERT
CERT
added 2015/01/13 12:0 a.m.23 views

Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication

Overview Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data. Description CWE-319: Cleartext Transmission of Sensitive Information Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data between the client and server. It has been...

6.9AI score
Exploits0References3
NVD
NVD
added 2014/10/10 10:55 a.m.21 views

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...

4CVSS5.9AI score0.01638EPSS
Exploits0References4
NVD
NVD
added 2014/09/05 5:55 p.m.25 views

CVE-2014-4862

The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request...

5CVSS6.2AI score0.17133EPSS
Exploits2References2
The Hacker News
The Hacker News
added 2013/01/25 8:25 a.m.9 views

Hundreds of SSH Private Keys exposed via GitHub Search

GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. This Tuesday GitHub announced a major upgrades...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2013/01/24 9:25 p.m.11 views

Hundreds of SSH Private Keys exposed via GitHub Search

GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. This Tuesday GitHub announced a major upgrades...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2012/02/14 12:0 a.m.39 views

Sonexis ConferenceManager Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Netragard Security Advisory - Sonexis ConferenceManager - 20120201 POSTING NOTICE If you intend to post this advisory on your web page please create a link back to the original Netragard advisory as the contents of the advisory may change. For more...

7.4AI score
Exploits0
Rows per page
Query Builder