3 matches found
CVE-2021-4471
TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain valid account usernames and passwords, leading...
Jenkins Plugin 安全漏洞
Jenkins Plugin is an open source application for Jenkins. The Jenkins Plugin Conjur Secrets Plugin 1.0.9 previously contained a security vulnerability that allowed an attacker to exploit the vulnerability to take control of an agent process to retrieve the functionality of all username-password...
Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack
On Wednesday, Verizon’s Visible – an all-digital, uber-cheap wireless carrier – confirmed what customers have been complaining about on Reddit and Twitter all week: They lost control of their accounts; had their passwords and shipping addresses changed; and some got stuck with bills for pricey ne...