323 matches found
Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive credentials that are stored in an affected system. The vulnerability exists because the affected software does not sufficiently control access to the...
Information Disclosure
salt is vulnerable to an information disclosure vulnerability. The library mirrors the file permissions on the salt-master when setting up its temporary file location for the local cache. This can allow a malicious local user to access sensitive credentials...
Udemy: Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
Howdy, @udemy! Summary: ======= I am writing to inform you of a critical information disclosure bug via an exposed Jenkins dashboard located at https://jenkins101.udemy.com. Upon navigating to this address, I was asked to authenticate with my Github account. After authenticating, I was surprised ...
CVE-2016-5774
The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters...
Design/Logic Flaw
The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters...
CVE-2016-5774
CVE-2016-5774 affects Blue Coat PacketShaper S-Series: the HTTPS server in 11.5.x before 11.5.3.2 uses insecure cryptographic parameters, enabling a remote attacker to obtain credentials and other sensitive information via management interfaces. Affected product: PacketShaper S-Series 11.5.x (bef...
CVE-2016-0899
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files...
Design/Logic Flaw
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files...
CVE-2015-6404
Cisco Hosted Collaboration Mediation Fulfillment 10.63 does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374...
Security feature bypass
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the 1 getBackupPolicy or 2 getBackupPolicies method...
CVE-2015-4069
Arcserve UDP has a credential information-disclosure vulnerability in the EdgeServiceImpl Web service. In versions prior to 5.0 Update 4, remote attackers can exploit crafted SOAP requests to getBackupPolicy or getBackupPolicies to obtain sensitive credentials. The issue arises from insufficient ...
CVE-2015-4069
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the 1 getBackupPolicy or 2 getBackupPolicies method...
CVE-2015-1608
Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...
CVE-2015-1608
Topline Opportunity Form aka XLS Opp form before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...
Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
Overview Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data. Description CWE-319: Cleartext Transmission of Sensitive Information Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data between the client and server. It has been...
CVE-2014-4761
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...
CVE-2014-4862
The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request...
Hundreds of SSH Private Keys exposed via GitHub Search
GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. This Tuesday GitHub announced a major upgrades...
Hundreds of SSH Private Keys exposed via GitHub Search
GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. This Tuesday GitHub announced a major upgrades...
Sonexis ConferenceManager Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Netragard Security Advisory - Sonexis ConferenceManager - 20120201 POSTING NOTICE If you intend to post this advisory on your web page please create a link back to the original Netragard advisory as the contents of the advisory may change. For more...