35 matches found
EUVD-2016-10763
Malware in sbrugna...
EUVD-2020-21868
Malware in sbrugna...
EUVD-2017-10778
Malware in sbrugna...
EUVD-2018-12137
Malware in sbrugna...
CVE-2025-1349 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2024-28971
The CVE-2024-28971 entry corresponds to Dell Update Manager Plugin versions 1.4.0–1.5.0, with a plain-text password storage vulnerability in the log file that could lead to disclosure of user credentials. Multiple connected sources confirm the issue and potential credential exposure; exploitation...
CVE-2023-6815
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
CVE-2022-22458 IBM Security Verify Governance, Identity Manager information disclosure
IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009...
CVE-2022-33928
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to...
Default credentials
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to...
CVE-2021-43590
Dell EMC Enterprise Storage Analytics for vRealize Operations (versions 4.0.1–6.2.1) stores passwords in plaintext, enabling a local high-privileged attacker to disclose certain user credentials and potentially access the vulnerable application with the compromised account’s privileges. The vulne...
CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...
CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...
Design/Logic Flaw
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...
CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...
CVE-2022-23178
CVE-2022-23178 affects Crestron HD-MD4X2-4K-E devices (firmware v1.0.0.2159). The unauthenticated admin web interface exposes credentials by sending a JSON payload with uname and upassword via aj.html, enabling login to the web interface. Impact is high (full authentication/password disclosure wi...
CVE-2021-36317
Dell EMC Avamar Server 19.4 is listed as affected by CVE-2021-36317 due to a plain-text password storage vulnerability in AvInstaller. The vulnerability could allow a local attacker to disclose user credentials and then access the vulnerable application with the compromised account’s privileges. ...
FreeBSD : Ansible -- Ansible user credentials disclosure in ansible-connection module (9a8514f3-2ab8-11ec-b3a1-8c164582fbac)
Red Hat reports : A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. %NASLMINLEVEL 70300 C Tenabl...
CVE-2021-21507
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure...
Design/Logic Flaw
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure...