Total
769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4879 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2025-04-11 | 10.0 HIGH | N/A |
| The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | |||||
| CVE-2012-2630 | 1 Bandainamcogames | 1 Madomagi-ip Android | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2013-3585 | 1 Samsung | 2 Dvr, Smart Viewer | 2025-04-11 | 5.0 MEDIUM | N/A |
| Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. | |||||
| CVE-2011-2990 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 5.0 MEDIUM | N/A |
| The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. | |||||
| CVE-2013-5006 | 1 Westerndigital | 3 My Net N750, My Net N900, My Net N900c | 2025-04-11 | 4.3 MEDIUM | N/A |
| main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code. | |||||
| CVE-2010-4965 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2025-04-11 | 9.0 HIGH | N/A |
| /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | |||||
| CVE-2013-4790 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | 3.5 LOW | N/A |
| Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server. | |||||
| CVE-2013-1649 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||||
| CVE-2012-4088 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 4.3 MEDIUM | N/A |
| The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | |||||
| CVE-2011-4048 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information from the database by leveraging the default credentials. | |||||
| CVE-2011-4966 | 1 Freeradius | 1 Freeradius | 2025-04-11 | 6.0 MEDIUM | N/A |
| modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. | |||||
| CVE-2012-2690 | 1 Libguestfs | 1 Libguestfs | 2025-04-11 | 2.1 LOW | N/A |
| virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. | |||||
| CVE-2012-4856 | 1 Ibm | 2 Power 5, Power 5 System Firmware | 2025-04-11 | 7.9 HIGH | N/A |
| The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-5066 | 1 Redhat | 2 Jboss Community Application Server, Jboss Enterprise Application Platform | 2025-04-11 | 2.1 LOW | N/A |
| twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. | |||||
| CVE-2011-2082 | 1 Bestpractical | 1 Rt | 2025-04-11 | 5.0 MEDIUM | N/A |
| The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009. | |||||
| CVE-2010-3925 | 1 Wb-i | 1 Contents-mall | 2025-04-11 | 5.8 MEDIUM | N/A |
| Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. | |||||
| CVE-2013-7004 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | 7.8 HIGH | N/A |
| D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | |||||
| CVE-2012-1288 | 1 Utc | 1 Utc Fire \& Security Ge-mc100-ntp\/gps-zb Master Clock Device | 2025-04-11 | 10.0 HIGH | N/A |
| The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. | |||||
| CVE-2013-3279 | 1 Emc | 1 Atmos | 2025-04-11 | 5.0 MEDIUM | N/A |
| EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. | |||||
| CVE-2010-3897 | 1 Ibm | 1 Omnifind | 2025-04-11 | 5.0 MEDIUM | N/A |
| ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. | |||||