Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5934 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200. | ||||
| CVE-2013-7004 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | N/A |
| D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | ||||
| CVE-2014-0329 | 1 Zte | 1 Zxv10 W300 | 2025-04-11 | N/A |
| The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password. | ||||
| CVE-2014-0647 | 2 Apple, Starbucks | 2 Iphone Os, Starbucks | 2025-04-11 | N/A |
| The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. | ||||
| CVE-2014-0709 | 1 Cisco | 1 Ucs Director | 2025-04-11 | N/A |
| Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. | ||||
| CVE-2014-0755 | 1 Rockwellautomation | 2 Logix 5000 Controller, Rslogix 5000 Design And Configuration Software | 2025-04-11 | N/A |
| Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2014-1467 | 1 Blackberry | 4 Blackberry Enterprise Service, Blackberry Universal Device Service, Enterprise Server and 1 more | 2025-04-11 | N/A |
| BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file. | ||||
| CVE-2008-6473 | 1 Blogator-script | 1 Blogator-script | 2025-04-09 | N/A |
| _blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter. | ||||
| CVE-2007-6399 | 1 Myupb | 1 Flat Php Board | 2025-04-09 | N/A |
| index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | ||||
| CVE-2007-3061 | 1 Cactusoft | 1 Cactushop | 2025-04-09 | N/A |
| Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb. | ||||
| CVE-2007-6340 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2025-04-09 | N/A |
| Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. | ||||
| CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2025-04-09 | N/A |
| AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2009-0919 | 1 Apachefriends | 1 Xampp | 2025-04-09 | N/A |
| XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet." | ||||
| CVE-2008-3009 | 1 Microsoft | 8 Windows 2000, Windows Media Format Runtime, Windows Media Player and 5 more | 2025-04-09 | N/A |
| Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." | ||||
| CVE-2008-6818 | 1 Mole-group | 1 Real Estate Script | 2025-04-09 | N/A |
| Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0632 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | N/A |
| The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. | ||||
| CVE-2009-0620 | 1 Cisco | 2 Application Control Engine Module, Catalyst | 2025-04-09 | N/A |
| Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access. | ||||
| CVE-2009-0617 | 1 Cisco | 1 Application Networking Manager | 2025-04-09 | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. | ||||
| CVE-2009-0616 | 1 Cisco | 1 Application Networking Manager | 2025-04-09 | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." | ||||
| CVE-2009-0503 | 1 Ibm | 1 Websphere Message Broker | 2025-04-09 | N/A |
| IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | ||||