Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1408 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. | |||||
| CVE-2013-4873 | 1 Yahoo | 1 Tumblr | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-3428 | 1 Jboss | 1 Ironjacamar | 2025-04-11 | 4.3 MEDIUM | N/A |
| The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt. | |||||
| CVE-2010-0141 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | 6.4 MEDIUM | N/A |
| MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935. | |||||
| CVE-2011-1742 | 1 Emc | 1 Data Protection Advisor | 2025-04-11 | 2.1 LOW | N/A |
| EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. | |||||
| CVE-2010-0616 | 1 Myshell | 1 Evalsmsi | 2025-04-11 | 7.5 HIGH | N/A |
| evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability. | |||||
| CVE-2013-7305 | 1 E107 | 1 E107 | 2025-04-11 | 4.3 MEDIUM | N/A |
| fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user. | |||||
| CVE-2011-3290 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135. | |||||
| CVE-2008-7309 | 1 Insoshi | 1 Insoshi | 2025-04-11 | 5.0 MEDIUM | N/A |
| Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability. | |||||
| CVE-2012-5571 | 1 Openstack | 2 Essex, Folsom | 2025-04-11 | 3.5 LOW | N/A |
| OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. | |||||
| CVE-2010-1760 | 1 Apple | 1 Webkit | 2025-04-11 | 10.0 HIGH | N/A |
| loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. | |||||
| CVE-2012-3306 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 6.8 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors. | |||||
| CVE-2012-2743 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | 5.0 MEDIUM | N/A |
| Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | |||||
| CVE-2010-2387 | 1 Gnome | 1 Gnome Display Manager | 2025-04-11 | 1.9 LOW | N/A |
| vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | |||||
| CVE-2013-0128 | 1 Tigertext | 1 Tigertext | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to an e-mail endpoint. | |||||
| CVE-2012-4697 | 1 Turck | 4 Bl20 Programmable Gateway, Bl20 Programmable Gateway Firmware, Bl67 Programmable Gateway and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session. | |||||
| CVE-2013-5535 | 1 Cisco | 3 Video Surveillance 4000 Ip Camera, Video Surveillance 4300e Ip Camera, Video Surveillance 4500e Ip Camera | 2025-04-11 | 6.4 MEDIUM | N/A |
| The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. | |||||
| CVE-2010-1383 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | |||||
| CVE-2013-6884 | 1 Cru-inc | 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware | 2025-04-11 | 10.0 HIGH | N/A |
| The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. | |||||
| CVE-2010-1135 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 7.5 HIGH | N/A |
| The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. | |||||