Show CWE-255: Credentials Management

	Topic	Date	Author
High	ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection	16.08.2018	Kyle Lovett
High	Yealink VoIP Phone SIP-T38G Default Credentials	18.07.2014	RingZer0 Team
High	Ammyy Admin 3.2 Access Bypass	21.01.2014	Bhadresh Patel
Low	Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX	16.02.2011	VMware Security team
High	Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities	10.02.2011	Trustwave's SpiderLabs
High	Tandberg E, EX and C Series Endpoints Default Credentials for Root Account	05.02.2011	Cisco Security
High	RoomWizard Default Password and Sync Connector Credential Leak	15.01.2011	Sean Lam
High	SAP BusinessObjects Axis2 Default Admin Password	18.10.2010	HD Moore (HD_Moore rap...
Low	Synology Disk Station Web commands injection	02.10.2010	Rodrigo Branco
High	AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities	22.07.2010	MaXe
High	Linksys WAP54Gv3 Remote Debug Root Shell	13.06.2010	Cristofaro Mune
Low	Chrome Password Manager Cross Origin Weakness	20.02.2010	Timothy D. Morgan
High	evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities	14.02.2010	Peter Van Eeckhoutte
High	HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access	11.02.2010	HP
High	GNU libc glibc: NIS shadow password	18.01.2010	Christoph Pleger
High	Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow	31.12.2009	Reversemode
High	news script HB-NS v1.3 Remote Admin Vulnerability	15.12.2009	kurdish hackers team
High	Radio istek scripti 2.5 remote configuration disclosure	27.11.2009	kurdish hackers team
High	Riorey \"RIOS\" Hardcoded Password Vulnerability	19.10.2009	Marek Kroemeke
High	Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)	15.08.2009	Raz0r
Med.	X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability	14.08.2009	THUNDER
Med.	WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability	11.08.2009	Laurent Gaffi
Med.	Gizmo SSL Certificate Vulnerability	11.07.2009	Gabriel Menezes Nunes
High	Multiple Flaws in Axesstel MV 410R	03.07.2009	Filip Palian
High	Multiple Flaws in Huawei D100	01.07.2009	Filip Palian
Med.	Blogator-script 0.95 Change User Password Vulnerbility	18.03.2009	hadihadi zedehal
Med.	PHPRunner SQL Injection	18.03.2009	AmnPardaz
Low	Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities	07.01.2009	nukeit
Med.	Philips VOIP841 Multiple Vulnerabilities	03.11.2008	luca carettoni securen...
Low	Windows Mobile 6 insecure password handling and too short WLAN-password	09.10.2008	MC Iglo
High	Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration	28.09.2008	Teh Kotak
Med.	Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability	30.08.2008	SirGod
Med.	Crafty Syntax Live Help <= 2.14.6 SQL Injection	26.08.2008	GulfTech

CVEMAP Search Results

CVE

Details

Description

2022-12-19

CVE-2022-4611

Updating...

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability.

2020-12-01

Medium

CVE-2020-7533

Updating...

A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

2019-09-06

Medium

CVE-2019-16060

Vendor: Airbrake
Software: Airbrake ruby

The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).

2019-09-05

Low	CVE-2019-13349	Vendor: Knowage-suite Software: Knowage	In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
Medium	CVE-2019-4321	Vendor: IBM Software: Intelligent ...	IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.

2019-09-04

Medium

CVE-2019-1976

Vendor: Cisco
Software: Network leve...

A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.

2019-08-29

Medium	CVE-2019-15805	Vendor: Arris Software: Tr4400 firmware	CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.
Low	CVE-2019-3394	Vendor: Atlassian Software: Confluence	There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.

2019-08-28

Medium	CVE-2019-15294	Updating...	An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.
Low	CVE-2019-13348	Vendor: ENG Software: Knowage	In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.

16.08.2018

18.07.2014

21.01.2014

16.02.2011

10.02.2011

05.02.2011

15.01.2011

18.10.2010

02.10.2010

22.07.2010

13.06.2010

20.02.2010

14.02.2010

11.02.2010

18.01.2010

31.12.2009

15.12.2009

27.11.2009

19.10.2009

15.08.2009

14.08.2009

11.08.2009

11.07.2009

03.07.2009

01.07.2009

18.03.2009

18.03.2009

07.01.2009

03.11.2008

09.10.2008

28.09.2008

30.08.2008

26.08.2008