Total: 756 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3704 | 2 Fedoraproject, Pulpproject | 2 Fedora, Pulp | 2023-02-12 | N/A |
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. | ||||
CVE-2019-5456 | 1 Ui | 1 Unifi Controller | 2022-12-06 | 8.1 High |
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | ||||
CVE-2021-21505 | 1 Dell | 2 Emc Integrated System For Microsoft Azure Stack Hub, Emc Integrated System For Microsoft Azure Stack Hub Firmware | 2022-10-24 | 9.8 Critical |
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges. | ||||
CVE-2009-0616 | 1 Cisco | 1 Application Networking Manager | 2022-10-03 | N/A |
Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." | ||||
CVE-2009-0620 | 1 Cisco | 2 Application Control Engine Module, Catalyst | 2022-10-03 | N/A |
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access. | ||||
CVE-2009-0617 | 1 Cisco | 1 Application Networking Manager | 2022-10-03 | N/A |
Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. | ||||
CVE-2009-2945 | 1 Stanford | 1 Webauth | 2022-10-03 | N/A |
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | ||||
CVE-2009-4189 | 1 Hp | 1 Operations Manager | 2022-10-03 | N/A |
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843. | ||||
CVE-2009-4770 | 1 Jasper | 1 Httpdx | 2022-10-03 | N/A |
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | ||||
CVE-2009-4304 | 1 Moodle | 1 Moodle | 2022-10-03 | N/A |
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | ||||
CVE-2009-4188 | 1 Hp | 1 Operations Dashboard | 2022-10-03 | N/A |
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098. | ||||
CVE-2009-1075 | 1 Sun | 1 Java System Identity Manager | 2022-10-03 | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
CVE-2009-3710 | 1 Riorey | 1 Rios | 2022-10-03 | N/A |
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022. | ||||
CVE-2002-2412 | 1 Nullsoft | 1 Winamp | 2022-10-03 | N/A |
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | ||||
CVE-2002-2384 | 1 Hotfoon Corporation | 1 Hotfoon | 2022-10-03 | N/A |
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. | ||||
CVE-2002-2355 | 1 Netgear | 1 Fm114p | 2022-10-03 | N/A |
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. | ||||
CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2022-10-03 | N/A |
ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | ||||
CVE-2002-2389 | 1 Fastlink Software | 1 The Server | 2022-10-03 | N/A |
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. | ||||
CVE-2002-2345 | 1 Oracle | 1 Application Server | 2022-10-03 | N/A |
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | ||||
CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2022-10-03 | N/A |
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. |