Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1170 1 Cisco 2 Prime Network Control System, Prime Network Control System Software 2025-04-11 N/A
The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the configuration or cause a denial of service (service disruption) via unspecified vectors, aka Bug ID CSCtz30468.
CVE-2013-1995 2 Redhat, X.org 2 Enterprise Linux, Libxi 2025-04-11 N/A
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
CVE-2013-2762 1 Schneider-electric 1 Magelis Xbt Hmi 2025-04-11 N/A
The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data.
CVE-2013-2819 1 Sierrawireless 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more 2025-04-11 N/A
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
CVE-2013-3471 1 Cisco 1 Identity Services Engine Software 2025-04-11 N/A
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
CVE-2013-3497 1 Juniper 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance 2025-04-11 N/A
Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.
CVE-2013-3502 1 Gwos 1 Groundwork Monitor 2025-04-11 N/A
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie.
CVE-2003-1588 1 Sun 1 Cluster 2025-04-11 N/A
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
CVE-2013-3505 1 Gwos 1 Groundwork Monitor 2025-04-11 N/A
The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a (1) log file or (2) configuration file.
CVE-2013-3585 1 Samsung 2 Dvr, Smart Viewer 2025-04-11 N/A
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.
CVE-2008-7255 1 Amsn 1 Amsn 2025-04-11 N/A
login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.
CVE-2013-4114 1 Henri Wahl 1 Nagstamon 2025-04-11 N/A
The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2009-4674 1 Mole-group 2 Bus Ticket Script, Sky Hunter Airline Ticket Sale Script 2025-04-11 N/A
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.
CVE-2009-4770 1 Jasper 1 Httpdx 2025-04-11 N/A
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
CVE-2009-4781 1 Tukeva 1 Password Reminder 2025-04-11 N/A
TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.
CVE-2010-0113 2 Google, Symantec 2 Android, Mobile Security 2025-04-11 N/A
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.
CVE-2010-0124 1 Timeclock-software 1 Employee Timeclock Software 2025-04-11 N/A
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
CVE-2010-0141 1 Cisco 1 Unified Meetingplace 2025-04-11 N/A
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.
CVE-2010-0211 5 Apple, Openldap, Opensuse and 2 more 6 Mac Os X, Mac Os X Server, Openldap and 3 more 2025-04-11 9.8 Critical
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
CVE-2010-0219 2 Apache, Sap 2 Axis2, Businessobjects 2025-04-11 N/A
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.