5 matches found
CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash
motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...
CVE-2026-32315
motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...
PT-2019-8951 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology Diskstation Manager DSM versions prior to 6.2-23739-1 Description: The issue is related to incorrect default permissions in the synouser.conf file, allowing remote authenticated users to obtain sensitive information due to the...
thermostat: world-readable configuration file containing credentials
It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVM...
PT-2013-2200
Name of the Vulnerable Software and Affected Versions puppetlabs-cinder module affected versions not specified Description The issue concerns the puppetlabs-cinder module, which is used in PackStack. It allows local users to read OpenStack administrative passwords due to world-readable permission...