Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2025-04-11 | 7.1 HIGH | N/A |
| WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | |||||
| CVE-2010-2387 | 1 Gnome | 1 Gnome Display Manager | 2025-04-11 | 1.9 LOW | N/A |
| vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | |||||
| CVE-2013-4876 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | 6.2 MEDIUM | N/A |
| The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. | |||||
| CVE-2010-0219 | 2 Apache, Sap | 2 Axis2, Businessobjects | 2025-04-11 | 10.0 HIGH | N/A |
| Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | |||||
| CVE-2010-1135 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 7.5 HIGH | N/A |
| The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. | |||||
| CVE-2011-2082 | 1 Bestpractical | 1 Rt | 2025-04-11 | 5.0 MEDIUM | N/A |
| The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009. | |||||
| CVE-2010-5067 | 1 Vwar | 1 Virtual War | 2025-04-11 | 6.8 MEDIUM | N/A |
| Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie. | |||||
| CVE-2008-7310 | 1 Spreecommerce | 1 Spree | 2025-04-11 | 5.0 MEDIUM | N/A |
| Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability. | |||||
| CVE-2011-2024 | 1 Cisco | 1 Cns Network Registrar | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | |||||
| CVE-2012-3428 | 1 Jboss | 1 Ironjacamar | 2025-04-11 | 4.3 MEDIUM | N/A |
| The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt. | |||||
| CVE-2011-1035 | 1 Pivotx | 1 Pivotx | 2025-04-11 | 7.5 HIGH | N/A |
| The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors. | |||||
| CVE-2014-0008 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | |||||
| CVE-2010-0556 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. | |||||
| CVE-2011-1007 | 1 Bestpractical | 1 Rt | 2025-04-11 | 2.1 LOW | N/A |
| Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout. | |||||
| CVE-2011-3245 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
| The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. | |||||
| CVE-2013-5193 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.7 MEDIUM | N/A |
| The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | |||||
| CVE-2011-3435 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 2.1 LOW | N/A |
| Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. | |||||
| CVE-2010-4764 | 1 Otrs | 1 Otrs | 2025-04-11 | 5.0 MEDIUM | N/A |
| Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature. | |||||
| CVE-2012-0700 | 1 Ibm | 2 Infosphere Fasttrack, Infosphere Information Server | 2025-04-11 | 1.9 LOW | N/A |
| The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-2083 | 1 Microsoft | 1 Dynamics Gp | 2025-04-11 | 4.0 MEDIUM | N/A |
| Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||