Total: 765 CVEs (20 listed on this page)
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2013-3502 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | 6.5 MEDIUM | N/A | monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie. |
CVE-2010-5067 | 1 Vwar | 1 Virtual War | 2025-04-11 | 6.8 MEDIUM | N/A | Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie. |
CVE-2013-4616 | 1 Apple | 1 Iphone Os | 2025-04-11 | 5.8 MEDIUM | N/A | The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. |
CVE-2008-7310 | 1 Spreecommerce | 1 Spree | 2025-04-11 | 5.0 MEDIUM | N/A | Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability. |
CVE-2013-2297 | 1 Eucalyptus | 1 Eustore | 2025-04-11 | 6.9 MEDIUM | N/A | Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069. |
CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 6.8 MEDIUM | N/A | The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." |
CVE-2012-3014 | 1 Garrettcom | 2 Magnum Managed Networks Software-6k, Magnum Managed Networks Software-6k Secure | 2025-04-11 | 7.7 HIGH | N/A | The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. |
CVE-2011-2555 | 1 Cisco | 1 Telepresence Recording Server Software | 2025-04-11 | 10.0 HIGH | N/A | Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182. |
CVE-2014-1408 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2025-04-11 | 7.8 HIGH | N/A | The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. |
CVE-2013-4873 | 1 Yahoo | 1 Tumblr | 2025-04-11 | 5.0 MEDIUM | N/A | The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. |
CVE-2012-3428 | 1 Jboss | 1 Ironjacamar | 2025-04-11 | 4.3 MEDIUM | N/A | The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt. |
CVE-2010-0141 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | 6.4 MEDIUM | N/A | MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935. |
CVE-2011-1742 | 1 Emc | 1 Data Protection Advisor | 2025-04-11 | 2.1 LOW | N/A | EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. |
CVE-2010-0616 | 1 Myshell | 1 Evalsmsi | 2025-04-11 | 7.5 HIGH | N/A | evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability. |
CVE-2013-7305 | 1 E107 | 1 E107 | 2025-04-11 | 4.3 MEDIUM | N/A | fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user. |
CVE-2011-3290 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2025-04-11 | 10.0 HIGH | N/A | Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135. |
CVE-2008-7309 | 1 Insoshi | 1 Insoshi | 2025-04-11 | 5.0 MEDIUM | N/A | Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability. |
CVE-2012-5571 | 1 Openstack | 2 Essex, Folsom | 2025-04-11 | 3.5 LOW | N/A | OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. |
CVE-2010-1760 | 1 Apple | 1 Webkit | 2025-04-11 | 10.0 HIGH | N/A | loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. |
CVE-2012-3306 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 6.8 MEDIUM | N/A | IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors. |
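The VWar (CVE-2010-5067) and evalSMSI (CVE-2010-0616) entries describe two related credential-handling mistakes: a session cookie that is a deterministic function of the user's password, so it can never be expired or revoked, and passwords kept in cleartext in the database. The following is an added example, not code from either project, that puts those two patterns beside random server-side sessions and salted PBKDF2 hashes. The `WeakAuth`/`HardenedAuth` class names, the users and passwords, the injectable clock, and the choice of `md5(password)` as the weak cookie (the page does not say how VWar actually derived its cookie) are all constructed for the demonstration.

```ruby
require 'openssl'
require 'securerandom'
require 'digest'

# Added example, not VWar or evalSMSI code. Everything here is an in-memory
# stand-in constructed for illustration.

PBKDF2_ITERATIONS = 100_000
SESSION_TTL = 30 * 60 # seconds

class WeakAuth
  def initialize
    @users = {} # username => cleartext password, as evalSMSI stored it
  end

  def register(user, password)
    @users[user] = password
  end

  # VWar-style: the cookie is a pure function of the password, so it is the
  # same on every login and keeps working after logout or "timeout".
  def login(user, password)
    return nil unless @users[user] == password
    Digest::MD5.hexdigest(password)
  end

  def authenticated?(user, cookie)
    pw = @users[user]
    !pw.nil? && Digest::MD5.hexdigest(pw) == cookie
  end

  def logout(_user, _cookie); end # nothing to revoke: the cookie cannot change
end

class HardenedAuth
  def initialize(clock: -> { Time.now.to_i })
    @users = {}    # username => { salt:, hash: }
    @sessions = {} # random token => { user:, expires: }
    @clock = clock # injectable so expiry can be exercised deterministically
  end

  def register(user, password)
    salt = SecureRandom.random_bytes(16)
    @users[user] = { salt: salt, hash: derive(password, salt) }
  end

  # Issues a fresh 256-bit random token per login. Nothing about the password
  # is recoverable from it, and the server owns its lifetime.
  def login(user, password)
    rec = @users[user]
    return nil unless rec && secure_equal(derive(password, rec[:salt]), rec[:hash])
    token = SecureRandom.hex(32)
    @sessions[token] = { user: user, expires: @clock.call + SESSION_TTL }
    token
  end

  def authenticated?(user, token)
    s = @sessions[token]
    return false unless s && s[:user] == user
    if s[:expires] <= @clock.call
      @sessions.delete(token) # timeout really ends the session
      return false
    end
    true
  end

  def logout(_user, token)
    @sessions.delete(token) # logout really revokes the session
  end

  private

  def derive(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: PBKDF2_ITERATIONS,
                             length: 32, hash: 'sha256')
  end

  # Constant-time comparison so verification timing does not leak the hash.
  def secure_equal(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  weak = WeakAuth.new
  weak.register('alice', 'hunter2')
  c = weak.login('alice', 'hunter2')
  weak.logout('alice', c)
  puts "weak cookie still valid after logout: #{weak.authenticated?('alice', c)}"
  strong = HardenedAuth.new
  strong.register('alice', 'hunter2')
  t = strong.login('alice', 'hunter2')
  strong.logout('alice', t)
  puts "hardened token valid after logout:    #{strong.authenticated?('alice', t)}"
end
```

Because the weak cookie is identical on every login and `logout` has nothing to invalidate, it reproduces the "bypass timeout and logout actions" behaviour in the VWar description; a database dump of `WeakAuth` also hands over every password directly, as in the evalSMSI entry. The hardened store can expire or revoke a token without involving the password at all, and a dump yields only per-user salted hashes.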
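Spree (CVE-2008-7310) and Insoshi (CVE-2008-7309) are both Rails applications that handed a request hash straight to a model, so any attribute the client named in the URL was written, including `Order.state` and `ForumPost.user_id`. The following is an added example rather than code from Spree, Insoshi or Rails: a small stand-in for an ActiveRecord-style model showing the vulnerable assignment beside a permit-list filter of the kind `attr_accessible` (Rails 2/3) and strong parameters (Rails 4+) provide. The `Order` and `ForumPost` classes, their attribute names and the request hashes are constructed for the demonstration.

```ruby
# Added example, not Spree, Insoshi or Rails code. Classes, attribute names and
# request hashes are constructed for illustration.

class Record
  attr_reader :attributes

  def initialize(attrs = {})
    @attributes = {}
    assign(attrs)
  end

  # Vulnerable pattern: every key in the hash becomes an attribute, so a client
  # who appends order[state]=complete to the form data controls the state.
  # This is what Model.new(params[:model]) did without an allow-list.
  def assign(attrs)
    (attrs || {}).each { |k, v| @attributes[k.to_s] = v }
    self
  end

  def [](key)
    @attributes[key.to_s]
  end
end

class Order < Record
  # Client-editable attributes for the checkout address step; state and
  # payment_state are server-owned and must never come from a request.
  PERMITTED = %w[email ship_address].freeze

  def initialize(attrs = {})
    super({ 'state' => 'cart', 'payment_state' => 'pending' }.merge(attrs))
  end
end

class ForumPost < Record
  PERMITTED = %w[title body].freeze # user_id is set from the session, never the form
end

# Keep only the keys the controller explicitly permits and drop everything
# else. This is the behaviour attr_accessible / strong parameters give real
# models; here it is written out so the effect is visible.
def permit(params, allowed)
  (params || {}).each_with_object({}) do |(k, v), out|
    out[k.to_s] = v if allowed.include?(k.to_s)
  end
end

# request_params stands for the parsed query string, e.g. Rails turns
# "order[email]=a@b.example&order[state]=complete" into
# { 'order' => { 'email' => ..., 'state' => 'complete' } }.
def vulnerable_checkout(request_params)
  Order.new.assign(request_params['order'])
end

def hardened_checkout(request_params)
  Order.new.assign(permit(request_params['order'], Order::PERMITTED))
end

def vulnerable_post(current_user_id, request_params)
  ForumPost.new('user_id' => current_user_id).assign(request_params['forum_post'])
end

def hardened_post(current_user_id, request_params)
  ForumPost.new('user_id' => current_user_id)
           .assign(permit(request_params['forum_post'], ForumPost::PERMITTED))
end

if __FILE__ == $PROGRAM_NAME
  tampered = { 'order' => { 'email' => 'a@b.example', 'state' => 'complete' } }
  puts "vulnerable: state=#{vulnerable_checkout(tampered)['state']}"
  puts "hardened:   state=#{hardened_checkout(tampered)['state']}"
  forged = { 'forum_post' => { 'title' => 'hi', 'body' => 'x', 'user_id' => 1 } }
  puts "vulnerable: user_id=#{vulnerable_post(42, forged)['user_id']}"
  puts "hardened:   user_id=#{hardened_post(42, forged)['user_id']}"
end
```

The allow-list is deliberately per-model and per-action: the checkout step permits only the fields that form actually edits, so a later change that adds a new server-owned column is safe by default, whereas a deny-list of "dangerous" attributes has to be kept current by hand.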