29 matches found
CVE-2024-39287
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...
EUVD-2020-30836
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...
CVE-2020-36896
QiHang Media Web Digital Signage 3.0.9 has a cleartext credentials vulnerability where hardcoded admin credentials can be retrieved from an unprotected XML file (/xml/User/User.xml), enabling unauthenticated access and direct authentication bypass. This is evidenced across multiple sources (NVD, ...
CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...
QiHang Media Web Digital Signage Security Vulnerability
QiHang Media Web Digital Signage is a digital signage management software from China-based QiHang. A security vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from the presence of plaintext credentials in an unprotected XML file, which could lead to...
PT-2025-50517
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...
EUVD-2019-4589
Malware in sbrugna...
EUVD-2019-2227
Malware in sbrugna...
EUVD-2024-37886
Malicious code in bioql PyPI...
PT-2025-27474 · Unknown · Filebrowser
Name of the Vulnerable Software and Affected Versions: File Browser versions 2.32.0 and prior Description: The issue concerns the implementation of password-protected links in File Browser, which is error-prone and can result in potential unprotected sharing of a file through a direct download...
CVE-2019-13021
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...
CVE-2024-39287
CVE-2024-39287 affects Dorsett Controls InfoScan ecosystem (notably the Central Server update server). The vulnerability is due to an information leak from an unprotected file that contains passwords and API keys, enabling potential exposure. Connected advisories corroborate the issue and note as...
CVE-2024-39287 Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...
Dorsett Controls InfoScan Information Disclosure Vulnerability
Dorsett Controls InfoScan is an industrial information scanner from Dorsett Controls, USA. An information disclosure vulnerability exists in Dorsett Controls InfoScan versions 1.32, 1.33, and 1.35, which originates from an unprotected file containing passwords and API keys, resulting in an...
CVE-2022-48319
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 EOL allows an attacker to gain access to the host secret through the unprotected agent updater log file...
CVE-2022-34464
A vulnerability has been identified in SICAM GridEdge Classic All versions < V2.7.3. The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that fi...
Unspecified Vulnerability in Bond Technology Management JetSelect (CNVD-2020-29621)
Bond Technology Management JetSelect is an application for managing IP and networks on board ships from Bond Technology Management in Cyprus. An unspecified vulnerability exists in Bond Technology Management JetSelect, which arises from the administrator password being stored in an unprotected fi...