Check CVE Id
Check CWE Id
WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
Sophos Web Appliance 220.127.116.11 Privilege Escalation
Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues
Netop Remote Control 11.52 / 12.11 Credential Issue
PicsArt Photo Studio For Android Insecure Management
Fundacion Dr. Manuel S...
Privoxy 3.0.20-1 Proxy Authentication Credential Exposure
Chris John Riley
CVEMAP Search Results
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.
Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (18.104.22.168) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks.
Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.
Back to Top