CVE-2022-1342

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive...

CVE-2022-1342

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive...

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

Static Code Injection

Description The Microweber application allows HTML tags in the "First name", "Last name" and "Phone number" which can be exploited by Injecting HTML payloads. Proof of Concept 1.While buying product we need to fill contact information form. 2.Insert your html code in code block. e.g., Hurry Up!Go...

CVE-2021-31537

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters...

CVE-2019-14840

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials...

CVE-2020-2043

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...

CVE-2020-2043

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...

Information disclosure

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...

PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

CVE-2019-14666

GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an arbitrary password for any use...

glpi -- Account takeover vulnerability

MITRE Corporation reports: GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an...

PT-2018-3942 · D Link · D-Link Dcs Series Wi-Fi Cameras

Name of the Vulnerable Software and Affected Versions: D-Link DCS series Wi-Fi cameras versions 1.00 and above Description: The issue is related to insufficient protection of registration data in the common/info.cgi component of D-Link DCS series Wi-Fi cameras' firmware. This can allow a remote...

DEBIAN-CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1 ics or 2 XML calendar feeds...

PYSEC-2014-7

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...

DEBIAN-CVE-2010-4761

The customer-interface ticket-print dialog in Open Ticket Request System OTRS before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the 1 responsible, 2 owner, 3 accounted time, 4 pending until...