Total
577 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26595 | 1 Rangerstudio | 1 Directus | 2024-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by viewing the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-45868 | 1 H2database | 1 H2 | 2024-08-03 | N/A | 7.8 HIGH |
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220. | |||||
CVE-2022-29620 | 1 Filezilla-project | 1 Filezilla Client | 2024-08-03 | 4.3 MEDIUM | 6.5 MEDIUM |
FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability. | |||||
CVE-2023-24055 | 1 Keepass | 1 Keepass | 2024-08-02 | N/A | 5.5 MEDIUM |
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC. | |||||
CVE-2020-11924 | 1 Wizconnected | 2 Colors A60, Colors A60 Firmware | 2024-07-30 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. | |||||
CVE-2020-11923 | 1 Wizconnected | 1 Wiz | 2024-07-30 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. | |||||
CVE-2024-31486 | | | 2024-07-04 | N/A | N/A |
A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices store MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials, leading to confidentiality loss. | |||||
CVE-2024-4235 | | | 2024-06-04 | N/A | N/A |
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-3742 | | | 2024-05-28 | N/A | N/A |
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. | |||||
CVE-2022-2513 | 1 Hitachienergy | 6 650connectivitypackage, 670connectivitypackage, Gms600connectivitypackage and 3 more | 2024-05-28 | N/A | 5.5 MEDIUM |
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IED credentials are stored in a cleartext format in the PCM600 database and log files. An attacker who has gained access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, rebooting the IEDs, or causing a denial-of-service on the IEDs. | |||||
CVE-2023-4392 | 1 Assaabloy | 1 Control Id Gerencia Web | 2024-05-17 | N/A | 5.3 MEDIUM |
A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237380. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-3762 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-05-17 | N/A | 7.5 HIGH |
A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-2863 | 1 Simpledesign | 1 Diary With Lock\ | 2024-05-17 | N/A | 5.5 MEDIUM |
A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. | |||||
CVE-2023-1683 | 1 Xunruicms | 1 Xunruicms | 2024-05-17 | N/A | 7.5 HIGH |
A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240. | |||||
CVE-2008-6157 | 1 Sepcity | 1 Classified Ads | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | |||||
CVE-2022-30275 | 1 Motorolasolutions | 1 Mdlc | 2024-02-14 | N/A | 7.5 HIGH |
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file. | |||||
CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2024-02-14 | 5.0 MEDIUM | 9.8 CRITICAL |
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | |||||
CVE-2008-1567 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2024-02-14 | 2.1 LOW | 5.5 MEDIUM |
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | |||||
CVE-2007-5778 | 1 Flexispy | 1 Mobile Spy | 2024-02-14 | 6.4 MEDIUM | 7.5 HIGH |
Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | |||||
CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-14 | 4.3 MEDIUM | 7.8 HIGH |
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. |