CWE:
 

Topic
Date
Author
High
Yealink VoIP Phone SIP-T38G Default Credentials
18.07.2014
RingZer0 Team
High
Ammyy Admin 3.2 Access Bypass
21.01.2014
Bhadresh Patel
Low
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
16.02.2011
VMware Security team
High
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
10.02.2011
Trustwave's SpiderLabs
High
Tandberg E, EX and C Series Endpoints Default Credentials for Root Account
05.02.2011
Cisco Security
High
RoomWizard Default Password and Sync Connector Credential Leak
15.01.2011
Sean Lam
High
SAP BusinessObjects Axis2 Default Admin Password
18.10.2010
HD Moore (HD_Moore rap...
Low
Synology Disk Station Web commands injection
02.10.2010
Rodrigo Branco
High
AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
22.07.2010
MaXe
High
Linksys WAP54Gv3 Remote Debug Root Shell
13.06.2010
Cristofaro Mune
Low
Chrome Password Manager Cross Origin Weakness
20.02.2010
Timothy D. Morgan
High
evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities
14.02.2010
Peter Van Eeckhoutte
High
HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access
11.02.2010
HP
High
GNU libc glibc: NIS shadow password
18.01.2010
Christoph Pleger
High
Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow
31.12.2009
Reversemode
High
news script HB-NS v1.3 Remote Admin Vulnerability
15.12.2009
kurdish hackers team
High
Radio istek scripti 2.5 remote configuration disclosure
27.11.2009
kurdish hackers team
High
Riorey \"RIOS\" Hardcoded Password Vulnerability
19.10.2009
Marek Kroemeke
High
Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)
15.08.2009
Raz0r
Med.
X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability
14.08.2009
THUNDER
Med.
WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability
11.08.2009
Laurent Gaffi
Med.
Gizmo SSL Certificate Vulnerability
11.07.2009
Gabriel Menezes Nunes
High
Multiple Flaws in Axesstel MV 410R
03.07.2009
Filip Palian
High
Multiple Flaws in Huawei D100
01.07.2009
Filip Palian
Med.
Blogator-script 0.95 Change User Password Vulnerbility
18.03.2009
hadihadi zedehal
Med.
PHPRunner SQL Injection
18.03.2009
AmnPardaz
Low
Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities
07.01.2009
nukeit
Med.
Philips VOIP841 Multiple Vulnerabilities
03.11.2008
luca carettoni securen...
Low
Windows Mobile 6 insecure password handling and too short WLAN-password
09.10.2008
MC Iglo
High
Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration
28.09.2008
Teh Kotak
Med.
Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability
30.08.2008
SirGod
Med.
Crafty Syntax Live Help <= 2.14.6 SQL Injection
26.08.2008
GulfTech


CVEMAP Search Results

CVE
Details
Description
2018-03-29
Medium
CVE-2017-16839

Vendor: Hashicorp
Software: Vagrant vmwa...
 

 
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.

 
2018-03-27
Low
CVE-2018-7195

Vendor: Osticket
Software: Osticket
 

 
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.

 
2018-03-21
Low
CVE-2017-0925

Vendor: Gitlab
Software: Gitlab
 

 
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

 
2018-03-14
Low
CVE-2018-2402

Vendor: SAP
Software: HANA
 

 
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.

 
2018-03-13
Low
CVE-2018-1000104

Vendor: Jenkins
Software: Coverity
 

 
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.

 
Medium
CVE-2018-6300

Vendor: Hanwha-security
Software: Snh-v6410pn ...
 

 
Remote password change in Hanwha Techwin Smartcams

 
2018-03-09
Medium
CVE-2014-4861

Vendor: Thycotic
Software: Secret server
 

 
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.

 
2018-03-07
Medium
CVE-2018-7204

Vendor: Giribaz
Software: File manager
 

 
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites.

 
2018-03-05
Low
CVE-2018-7698

Vendor: D-link
Software: Mydlink+
 

 
An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L 1.05.04 and DCS-934L 1.05.04 devices. The mydlink+ app sends the username and password for connected D-Link cameras (such as DCS-933L and DCS-934L) unencrypted from the app to the camera, allowing attackers to obtain these credentials and gain control of the camera including the ability to view the camera's stream and make changes without the user's knowledge.

 
2018-03-02
Medium
CVE-2017-9278

Updating...
 

 
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top