Filtered by CWE-255
Total 759 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-3130 1 Blackberry 1 Enterprise Service 2024-11-21 N/A
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.
CVE-2016-2972 1 Ibm 1 Sametime 2024-11-21 N/A
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.
CVE-2016-1265 1 Juniper 1 Junos Space 2024-11-21 N/A
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
CVE-2016-10821 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
CVE-2016-10791 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).
CVE-2016-10526 1 Grunt-gh-pages Project 1 Grunt-gh-pages 2024-11-21 N/A
A common setup to deploy to gh-pages on every commit via a CI system is to expose a GitHub token to ENV and to use it directly in the auth part of the URL. In module versions < 0.9.1 the auth portion of the URL is output as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.
CVE-2016-10512 1 Multitech 1 Faxfinder 2024-11-21 N/A
MultiTech FaxFinder before 4.1.2 stores passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.
CVE-2016-10401 1 Zyxel 2 Pk5001z, Pk5001z Firmware 2024-11-21 N/A
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
CVE-2016-10103 1 Hiteksoftware 1 Automize 2024-11-21 N/A
Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14.
CVE-2016-10101 1 Hiteksoftware 1 Automize 2024-11-21 N/A
Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager.
CVE-2016-0898 1 Vmware 1 Pivotal Software Mysql 2024-11-21 10.0 Critical
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
CVE-2016-0872 1 Kabona 1 Webdatorcentral 2024-11-21 N/A
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.
CVE-2015-9278 1 Mailenable 1 Mailenable 2024-11-21 N/A
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
CVE-2015-9240 1 Keystonejs 1 Keystone 2024-11-21 N/A
Due to a bug in the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
CVE-2015-8626 1 Mediawiki 1 Mediawiki 2024-11-21 N/A
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2015-8282 1 Seawell Networks 1 Spectrum Sdc 2024-11-21 N/A
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
CVE-2015-8109 1 Lenovo 1 Lenovo System Update 2024-11-21 N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
CVE-2015-8009 1 Mediawiki 1 Mediawiki 2024-11-21 N/A
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
CVE-2015-7259 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 N/A
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to log in to a target account via any of its username and password pairs.
CVE-2015-7258 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 N/A
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.