Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4303 2 Cisco, Linux 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more 2025-04-11 N/A
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043.
CVE-2010-3319 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.
CVE-2010-3318 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-3264 1 Novell 1 Identity Manager 2025-04-11 N/A
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
CVE-2009-4945 1 Atutor 1 Acollab 2025-04-11 N/A
AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php.
CVE-2013-3612 1 Dahuasecurity 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more 2025-04-11 N/A
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
CVE-2012-2743 1 Mikel Olasagasti 1 Revelation 2025-04-11 N/A
Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.
CVE-2010-3038 2 Cisco, Linux 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more 2025-04-11 N/A
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.
CVE-2010-3684 1 Synology 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more 2025-04-11 N/A
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
CVE-2010-4094 1 Ibm 2 Rational Quality Manager, Rational Test Lab Manager 2025-04-11 N/A
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
CVE-2010-5080 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."
CVE-2011-5204 1 Akiva 1 Webboard 2025-04-11 N/A
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
CVE-2010-0556 1 Google 1 Chrome 2025-04-11 N/A
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.
CVE-2010-0141 1 Cisco 1 Unified Meetingplace 2025-04-11 N/A
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.
CVE-2012-3014 1 Garrettcom 2 Magnum Managed Networks Software-6k, Magnum Managed Networks Software-6k Secure 2025-04-11 N/A
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors.
CVE-2013-5668 1 Thecus 2 N8800 Nas Server, N8800 Nas Server Firmware 2025-04-11 N/A
The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content.
CVE-2013-5669 1 Thecus 2 N8800 Nas Server, N8800 Nas Server Firmware 2025-04-11 N/A
The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2011-2192 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2025-04-11 N/A
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
CVE-2012-0034 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more 2025-04-11 N/A
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-6034 6 Gatehouse, Harris, Hughes Network Systems and 3 more 9 Gatehouse, Bgan, 9201 and 6 more 2025-04-11 N/A
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.