CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities | 13.01.2020 | m0ze |
| High | Across DR-810 ROM-0 - Backup File Disclosure | 12.01.2019 | SajjadBnz |
| Med. | MensaMax 4.3 Hardcoded Encryption Key Disclosure | 02.10.2018 | Stefan Pietsch |
| Med. | Trend Micro ServerProtect Disclosure / CSRF / XSS | 26.05.2017 | Multiple |
| Med. | QNAP QTS 4.2.x XSS / Command Injection / Transport Issues | 18.02.2017 | Harry Sintonen |
| Med. | Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle | 20.01.2016 | Core |
| Med. | ElasticSearch Cloud-Azure Insecure Transit | 20.09.2015 | Pedro Andujar |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2020-02-10 | Medium | CVE-2019-20061 | Vendor: Mfscripts; Software: Yetishare | The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password. |
| 2020-01-26 | Medium | CVE-2020-7984 | Vendor: Solarwinds; Software: N-central | SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. |
| 2020-01-13 | Medium | CVE-2014-5380 | | Grand MA 300 allows retrieval of the access PIN from sniffed data. |
| 2019-12-25 | Medium | CVE-2019-19967 | | The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. |
| 2019-12-20 | Medium | CVE-2019-15911 | | An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause multiple denial of service attacks, take over smart home devices, and tamper with messages. |
| 2019-12-20 | Low | CVE-2019-4743 | Vendor: IBM; Software: Financial tr... | IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880. |
| 2019-12-18 | Medium | CVE-2019-19889 | | An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf. |
| 2019-12-17 | Medium | CVE-2019-16568 | Vendor: Jenkins; Software: Sctmexecutor | Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. |
| 2019-12-12 | Low | CVE-2019-18285 | Vendor: Siemens; Software: Sppa-t3000 a... | A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. |
| 2019-12-06 | Medium | CVE-2019-16674 | | An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. |

 

 


Copyright 2020, cxsecurity.com

 
