22 matches found
EUVD-2026-16559
When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...
CVE-2026-2451
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2452 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
EUVD-2013-0958
Malware in sbrugna...
EUVD-2006-0434
Malware in sbrugna...
CVE-2022-30627
This vulnerability affects all of the company's products that also include the FW versions: updatei90cv2.021b20210104, updatei50v1.0.55b20200509, updatex6v2.1.2b202001127, updateb5v2.0.9b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their...
CVE-2021-37551
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256...
CVE-2021-33218
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
Hardcoded credentials
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...
CVE-2021-33218
CVE-2021-33218 affects CommScope Ruckus IoT Controller
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...
TeamViewer Flaw Could Let Hackers Steal System Password Remotely
If you are using TeamViewer, then beware and make sure you're running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability CVE-2020-13699, which, if...
Apple OS X Apple ID OD Plugin User Password Change Vulnerability
Apple OS X is a BSD-based operating system distributed by Apple. A security vulnerability in the Apple OS X Apple ID OD plugin allows applications to exploit the vulnerability to change system user passwords...
Endian UTM Firewall 2.4.x / 2.5.0 CSRF / XSS
Exploit for php platform in category web applications Title: ====== Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities Introduction: ============= Simple, fast and future-proof! The ideal solution for protecting your branches and industrial branch offices around the globe...
Kitchen Confidential: Mass. Case Lays Bare Unsanitary Data Security Practices
I worked in my share of kitchens when I was younger. I washed dishes, made salads, sous cheffed and worked the grill as a short order cook. And let me say this: one rule you learn when you work in the kitchen is – to borrow a phrase from the folks in ‘Vegas – ‘what happens in the kitchen stays in...
QUIK e-mail(QuarkMail latest remote vulnerability-vulnerability warning-the black bar safety net
From: http://www.aaibase.cn/Article/hk/201002/608.html Found by: me Vulnerability Description: The QUIK e-mail(QuarkMail Beijing Xiong Zhi weiye science and Technology Company launched the e-mail system, is widely used in various fields of the email solution. The product's main customer list...
CVE-2006-2614
Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hdjobsdb.sh, (2) /cr/hdplancheckin.sh, and (3) /cr/oracleplancheckin.sh, which allows local users to obtain System Manager passwords...
Design/Logic Flaw
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted...
CVE-2006-0427
Vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords by accessing restricted functionality. Affects BEA WebLogic products with limited confidentiality impact (partial). Exploit details, root cau...