The vulnerability in ManageEngine ADManager Plus Build < 7183 allows helpdesk technicians without backup/recovery privileges to view passwords of restored user accounts. This could lead to compromise of user accounts through password spraying attacks in the Active Directory environment. By configuring restore and recycle options in the Recovery Settings, deleted user accounts can be restored with a defined password.
The vulnerability exists in ManageEngine ADManager Plus Build version less than 7183, allowing helpdesk technicians without backup/recovery privileges to view and compromise user account passwords through password spraying attacks in Active Directory.
The R Radio Network FM Transmitter 1.07 system.cgi endpoint has an improper access control issue that allows unauthenticated users to access and view the clear-text password of the admin user, enabling them to bypass authentication and access FM station setup.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
This exploit allows an attacker to disclose passwords in Emesene, a software used for instant messaging. The script reads a file called 'users.dat' located in the '.config/emesene1.0' directory and prints out the email and corresponding password in clear text. This vulnerability can be exploited if the user has enabled the 'remember password' feature.
The Router's web interface on default 192.168.2.1 reveals the administrator password in MD5 hash, allowing bypass of the login.
FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the Windows Registry. This can allow the attacker to gain access to an FTP server with the privileges of the victim.
This vulnerability allows an attacker to disclose passwords from the passwd.txt file in WWWBoard 2.0 Alpha 2. The exploit can be accessed through the URL http://[target]/[www_board_path]/passwd.txt.
The PHP calendar script allows an attacker to download the user.txt file containing sensitive information like admin credentials. The file can be accessed directly through the exploit link provided.
Services By CQR