CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | Yealink VoIP Phone SIP-T38G Default Credentials | 18.07.2014 | RingZer0 Team |
| High | Ammyy Admin 3.2 Access Bypass | 21.01.2014 | Bhadresh Patel |
| Low | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | 16.02.2011 | VMware Security team |
| High | Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities | 10.02.2011 | Trustwave's SpiderLabs |
| High | Tandberg E, EX and C Series Endpoints Default Credentials for Root Account | 05.02.2011 | Cisco Security |
| High | RoomWizard Default Password and Sync Connector Credential Leak | 15.01.2011 | Sean Lam |
| High | SAP BusinessObjects Axis2 Default Admin Password | 18.10.2010 | HD Moore (HD_Moore rap... |
| Low | Synology Disk Station Web commands injection | 02.10.2010 | Rodrigo Branco |
| High | AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities | 22.07.2010 | MaXe |
| High | Linksys WAP54Gv3 Remote Debug Root Shell | 13.06.2010 | Cristofaro Mune |
| Low | Chrome Password Manager Cross Origin Weakness | 20.02.2010 | Timothy D. Morgan |
| High | evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities | 14.02.2010 | Peter Van Eeckhoutte |
| High | HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access | 11.02.2010 | HP |
| High | GNU libc glibc: NIS shadow password | 18.01.2010 | Christoph Pleger |
| High | Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow | 31.12.2009 | Reversemode |
| High | news script HB-NS v1.3 Remote Admin Vulnerability | 15.12.2009 | kurdish hackers team |
| High | Radio istek scripti 2.5 remote configuration disclosure | 27.11.2009 | kurdish hackers team |
| High | Riorey "RIOS" Hardcoded Password Vulnerability | 19.10.2009 | Marek Kroemeke |
| High | Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32) | 15.08.2009 | Raz0r |
| Med. | X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability | 14.08.2009 | THUNDER |
| Med. | WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability | 11.08.2009 | Laurent Gaffi |
| Med. | Gizmo SSL Certificate Vulnerability | 11.07.2009 | Gabriel Menezes Nunes |
| High | Multiple Flaws in Axesstel MV 410R | 03.07.2009 | Filip Palian |
| High | Multiple Flaws in Huawei D100 | 01.07.2009 | Filip Palian |
| Med. | Blogator-script 0.95 Change User Password Vulnerability | 18.03.2009 | hadihadi zedehal |
| Med. | PHPRunner SQL Injection | 18.03.2009 | AmnPardaz |
| Low | Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities | 07.01.2009 | nukeit |
| Med. | Philips VOIP841 Multiple Vulnerabilities | 03.11.2008 | luca carettoni securen... |
| Low | Windows Mobile 6 insecure password handling and too short WLAN-password | 09.10.2008 | MC Iglo |
| High | Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration | 28.09.2008 | Teh Kotak |
| Med. | Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability | 30.08.2008 | SirGod |
| Med. | Crafty Syntax Live Help <= 2.14.6 SQL Injection | 26.08.2008 | GulfTech |


CVEMAP Search Results

CVE
Details
Description
2018-05-18
Low
CVE-2017-18270

Vendor: Linux
Software: Linux kernel
 

 
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.

 
2018-05-17
Low
CVE-2018-10327

Vendor: Printeron
Software: Printeron
 

 
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.

 
2018-05-14
Low
CVE-2017-12127

Vendor: MOXA
Software: Edr-810 firmware
 

 
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.

 
Low
CVE-2017-12123

Vendor: MOXA
Software: Edr-810 firmware
 

 
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as admin.

 
Low
CVE-2018-10989

Vendor: Arris
Software: Tg1682g firmware
 

 
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."

 
2018-05-11
Medium
CVE-2018-7248

Vendor: Zohocorp
Software: Manageengine...
 

 
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the account exists, or 'null' if it does not.

 
Low
CVE-2018-6618

Vendor: EHCP
Software: Easy hosting...
 

 
Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage.

 
Low
CVE-2018-6617

Vendor: EHCP
Software: Easy hosting...
 

 
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.

 
2018-05-04
Low
CVE-2018-5446

Vendor: Medtronic
Software: 2090 carelin...
 

 
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network.

 
2018-05-03
Medium
CVE-2018-10641

Vendor: D-link
Software: Dir-601 firmware
 

 
D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext.

 

 


Copyright 2018, cxsecurity.com
