PT-2024-41772
Name of the Vulnerable Software and Affected Versions: Ceph (affected versions not specified). Description: An issue exists in Ceph related to incorrect certificate checking when using Pybind. This flaw could allow an attacker to perform a man-in-the-middle (MITM) attack, potentially compromising mail...
OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Information Disclosure
An issue was discovered in OwnCloud graphapi plugin 0.2.x < 0.2.1 and 0.3.x < 0.3.1. The graphapi plugin relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all th...
LOYTEC LINX-212 Security Vulnerability
The LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 version 6.2.4 and LINX-151 version 7.2.4, which originated from a vulnerability that allows an attacker to disclose SMTP client account credentials and bypass email authentication via...
CVE-2022-3172
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...
Design/Logic Flaw
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...
FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
Overview: Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient (CWE-1391). Kunal Thakrar and Ceri Coburn of Pen Test...
CVE-2023-46327
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encrypti...
The vulnerability of the httpd component’s debug credentials in the microprogramming-based industrial Wi-Fi routers Yifan YF325, due to security flaws in the authentication process, allows attackers to bypass the authentication mechanism.
The vulnerability of the httpd component’s debug credentials in the microprogramming-based industrial Wi-Fi routers Yifan YF325 is related to security flaws in the system. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process remotely...
CVE-2023-3251
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0...
SMTP server credentials are returned
Description: The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...
Security Bulletin: SNMPv3 server credentials are exposed in log files in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary: SNMPv3 server credentials can be read in plaintext from system logs and audit logs accessible to any authenticated user in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. Vulnerability Details: CVEID: CVE-2022-43870. DESCRIPTION: IBM Spectrum...
CVE-2022-43870
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540...
Open Redirect
openshift is vulnerable to Open Redirect. The vulnerability exists in the kube-apiserver, which allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties...
python-scciclient Trust Management Issue Vulnerability
python-scciclient is a Python ServerView Common Command Interface (SCCI) client library. A security vulnerability in python-scciclient exists because the server's credentials are not validated when establishing an HTTPS connection to the server, allowing an attacker to implement a man-in-the-middle...
HTC One/Sense Trust Management Issue Vulnerability
HTC One and HTC Sense are both products of HTC International Electronics (HTC), a Chinese company. HTC One is a smartphone. HTC Sense is a user interface for Android and Windows Mobile platforms. A security vulnerability exists in the HTC One/Sense version 4.x, which stems from the email client's...
CVE-2022-25199
A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...
IDEC PLC Security Vulnerability
The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that could allow an attacker to obtain PLC web server user credentials from the communication between the PLC and the software. The following products and versions are affected: FC6A Series MICROSmart...
Information disclosure
Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials...
DEBIAN-CVE-2021-22923
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...
Motorola MH702 Trust Management Issues Vulnerability
The Motorola MH702 is a router from Motorola USA. A trust management issue vulnerability exists in Motorola MH702x devices prior to version 2.0.0.301, which can be exploited by an attacker to gain access to a communication channel by failing to properly validate server credentials when...