ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection
Yealink VoIP Phone SIP-T38G Default Credentials
Ammyy Admin 3.2 Access Bypass
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMware Security team
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
Tandberg E, EX and C Series Endpoints Default Credentials for Root Account
RoomWizard Default Password and Sync Connector Credential Leak
SAP BusinessObjects Axis2 Default Admin Password
HD Moore (HD_Moore rap...
Synology Disk Station Web commands injection
AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
Linksys WAP54Gv3 Remote Debug Root Shell
Chrome Password Manager Cross Origin Weakness
Timothy D. Morgan
evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities
Peter Van Eeckhoutte
HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access
GNU libc glibc: NIS shadow password
Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow
news script HB-NS v1.3 Remote Admin Vulnerability
kurdish hackers team
Radio istek scripti 2.5 remote configuration disclosure
kurdish hackers team
Riorey "RIOS" Hardcoded Password Vulnerability
Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)
X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability
WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability
Gizmo SSL Certificate Vulnerability
Gabriel Menezes Nunes
Multiple Flaws in Axesstel MV 410R
Multiple Flaws in Huawei D100
Blogator-script 0.95 Change User Password Vulnerability
PHPRunner SQL Injection
Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities
Philips VOIP841 Multiple Vulnerabilities
luca carettoni securen...
Windows Mobile 6 insecure password handling and too short WLAN-password
Linksys/Cisco WRT350N 126.96.36.199 Insecure Samba Static Configuration
Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability
Crafty Syntax Live Help <= 2.14.6 SQL Injection
CVEMAP Search Results
A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability.
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V188.8.131.52, and IBM Water Operations for Waternamics V5.1.0 - V184.108.40.206 do not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this issue to read arbitrary files on the server under the <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services and could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credentials will potentially be leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.