Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user kno...
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain informatio...
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information th...
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave suppor...
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the...