19 matches found
EUVD-2021-22163
Malware in sbrugna...
EUVD-2002-0232
Malware in sbrugna...
EUVD-2015-5163
Malware in sbrugna...
EUVD-2020-21857
Malware in sbrugna...
EUVD-2024-2359
Malicious code in bioql PyPI...
EUVD-2023-59634
Malicious code in bioql PyPI...
CVE-2025-36599
Summary: Dell PowerFlex Manager VM (Dell PowerFlex Manager VM) versions before 4.6.2.1 are affected by an insertion of sensitive information into log files. A low-privileged, remote attacker could exploit this to disclose user credentials and potentially access the system with the compromised acc...
PT-2025-26164 · D Link · D-Link Dph-400S/Se Voip Phone
Name of the Vulnerable Software and Affected Versions: D-Link DPH-400S/SE VoIP Phone version 1.01 Description: The issue concerns hardcoded provisioning variables, including PROVIS USER PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extrac...
CVE-2024-42056
Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...
CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...
CVE-2019-13100
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...
Mozilla Thunderbird < 137.0.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 137.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-26 advisory. - When an email contains multiple attachments with external links via the...
CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
PT-2022-3559 · Aethon · Aethon Tug Home Base Server
Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to the lack of input data sanitization in the "Загрузки" component of the TUG Home Base Server, which can lead to a remote attacker conducting a...
CVE-2017-1000474
The CVE refers to Soyket Chowdhury Vehicle Sales Management System (VSMS) v2017-07-30 with multiple vulnerabilities in login scripts (vehicle.php, profile.php, Actions.php, manage_employee.php, sell.php) enabling SQL Injection and Stored XSS that can lead to remote code execution. Connected data ...
X-News Password MD5 Hash Authentication Bypass
X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. X-News stores user ids and passwords, as MD5 hashes, in a world- readable file, 'db/users.txt'...
DCP-Portal 5.5 - advertiser.php?Password SQL Injection
DCP-Portal 5.5 - advertiser.php?Password SQL Injection source: https://www.securityfocus.com/bid/8739/info Multiple SQL Injection vulnerabilities have been discovered that affect DCP-Portal scripts. These issues are likely due to a lack of sufficient sanitization performed on user supplied URI...
CuteCast 1.2 - User Credential Disclosure
source: https://www.securityfocus.com/bid/6127/info It has been reported that the default configuration of CuteCast is insecure. According to the report, CuteCast stores user information in a publicly accessible directory. This includes plaintext credentials...
SurfControl SuperScout Email Filter 3.5 - User Credential Disclosure
source: https://www.securityfocus.com/bid/5929/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. One of the files userlist.asp that comes with the web interface contains a listing of administrative usernames/passwords...