CVE-2009-4535

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / slash character to the URI...

CVE-2025-65000

CVE-2025-65000 affects Checkmk (Linux Remote alert handlers rule). SSH private keys were exposed in the HTML source of the rule page for Checkmk 2.3.0 and all versions up to 2.4.0p18, potentially allowing unauthorized triggering of predefined alert handlers on affected hosts. The Red Hat, NVD, Ub...

EUVD-2017-16773

Malware in sbrugna...

EC-WEB FS-EZViewer 信息泄露漏洞

EC-WEB FS-EZViewer is an online document viewing application. An information disclosure vulnerability exists in EC-WEB FS-EZViewer version 10.4.0.X and prior versions, which stems from the presence of a sensitive information disclosure vulnerability. An attacker can obtain database configuration...

TSplus Security Vulnerabilities

TSplus is a remote access software software from TSplus. A security vulnerability exists in TSplus Remote Work version 16.0.0.0, which originates from a plaintext password placed on the var pass of the HTML source code of the secure single sign-on web portal...

CVE-2022-22056

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

CVE-2020-9013

Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...

Genexis Platinum-4410 Certification Bypass Vulnerability

The Genexis Platinum-4410 is a WiFi 300/750 Mbps triple-play GPON ONT series router. An authentication bypass vulnerability exists in Genexis Platinum-4410 2.1 P4410-V2 1.28. An attacker can exploit this vulnerability to obtain plaintext credentials from the HTML source code of the...

CVE-2019-9950

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an authentication bypass vulnerability. The loginmgr.cgi file checks credentials...

Eaton UPS 9PX 8000 SP Password Disclosure Vulnerability (CNVD-2019-22860)

The Eaton UPS 9PX 8000 SP is a power management device from Eaton USA. The Eaton UPS 9PX 8000 SP suffers from a password disclosure vulnerability that originates from a web page displayed by the device containing a clear-text password, which can be retrieved by an attacker by browsing the source...

Mozilla Firefox Arbitrary Code Execution Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Developer Tools is one of the development tools. An arbitrary code execution vulnerability exists in the Developer Tools feature of Mozilla Firefox prior to version 55, where the program fails to properl...

IBC Solar ServeMaster Plain Text Password Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A plain text password vulnerability exists in ServeMaster TLP+ and Danfoss TLX Pro+. An attacker can exploit this vulnerability to obtain a plain text password by viewing the web page source code...

jenkins: clear text password disclosure (SECURITY-93)

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

CVE-2009-3544

CVE-2009-3544 affects Xerver HTTP Server 4.32. A remote attacker can disclose the source of a web page by sending a crafted HTTP request with ::$DATA appended after the filename, leading to information disclosure. Multiple sources (NVD/OpenVAS/Seebug) confirm the vulnerability and its impact as s...

By URL spoofing install Trojan-vulnerability warning-the black bar safety net

URL spoofing the usual moves 1.＠ Flag filter user name resolution Originally＠flag is the E－mail address of the user name and host separator, but in my URL, the same applies, but function exactly the same. HTTP Hypertext Transfer Protocol, governs me the URL of the full format is“Http://Name:...