CWE:
 

Topic
Date
Author
High
ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection
16.08.2018
Kyle Lovett
High
Yealink VoIP Phone SIP-T38G Default Credentials
18.07.2014
RingZer0 Team
High
Ammyy Admin 3.2 Access Bypass
21.01.2014
Bhadresh Patel
Low
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
16.02.2011
VMware Security team
High
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
10.02.2011
Trustwave's SpiderLabs
High
Tandberg E, EX and C Series Endpoints Default Credentials for Root Account
05.02.2011
Cisco Security
High
RoomWizard Default Password and Sync Connector Credential Leak
15.01.2011
Sean Lam
High
SAP BusinessObjects Axis2 Default Admin Password
18.10.2010
HD Moore (HD_Moore rap...
Low
Synology Disk Station Web commands injection
02.10.2010
Rodrigo Branco
High
AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
22.07.2010
MaXe
High
Linksys WAP54Gv3 Remote Debug Root Shell
13.06.2010
Cristofaro Mune
Low
Chrome Password Manager Cross Origin Weakness
20.02.2010
Timothy D. Morgan
High
evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities
14.02.2010
Peter Van Eeckhoutte
High
HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access
11.02.2010
HP
High
GNU libc glibc: NIS shadow password
18.01.2010
Christoph Pleger
High
Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow
31.12.2009
Reversemode
High
news script HB-NS v1.3 Remote Admin Vulnerability
15.12.2009
kurdish hackers team
High
Radio istek scripti 2.5 remote configuration disclosure
27.11.2009
kurdish hackers team
High
Riorey \"RIOS\" Hardcoded Password Vulnerability
19.10.2009
Marek Kroemeke
High
Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)
15.08.2009
Raz0r
Med.
X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability
14.08.2009
THUNDER
Med.
WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability
11.08.2009
Laurent Gaffi
Med.
Gizmo SSL Certificate Vulnerability
11.07.2009
Gabriel Menezes Nunes
High
Multiple Flaws in Axesstel MV 410R
03.07.2009
Filip Palian
High
Multiple Flaws in Huawei D100
01.07.2009
Filip Palian
Med.
Blogator-script 0.95 Change User Password Vulnerbility
18.03.2009
hadihadi zedehal
Med.
PHPRunner SQL Injection
18.03.2009
AmnPardaz
Low
Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities
07.01.2009
nukeit
Med.
Philips VOIP841 Multiple Vulnerabilities
03.11.2008
luca carettoni securen...
Low
Windows Mobile 6 insecure password handling and too short WLAN-password
09.10.2008
MC Iglo
High
Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration
28.09.2008
Teh Kotak
Med.
Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability
30.08.2008
SirGod
Med.
Crafty Syntax Live Help <= 2.14.6 SQL Injection
26.08.2008
GulfTech


CVEMAP Search Results

CVE
Details
Description
2019-08-07
Low
CVE-2019-10385

Vendor: Jenkins
Software: Eggplant
 

 
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

 
Low
CVE-2019-10379

Vendor: Google
Software: Cloud messag...
 

 
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

 
Low
CVE-2019-10378

Vendor: Jenkins
Software: Testlink
 

 
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

 
Low
CVE-2019-10370

Vendor: Jenkins
Software: Mask passwords
 

 
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.

 
2019-08-06
Medium
CVE-2019-14709

Vendor: Microdigital
Software: Mdc-n2190v f...
 

 
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.

 
Medium
CVE-2016-10791

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).

 
2019-08-05
Low
CVE-2017-18470

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).

 
2019-08-01
Low
CVE-2016-10821

Vendor: Cpanel
Software: Cpanel
 

 
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

 
2019-07-31
Low
CVE-2019-10345

Vendor: Jenkins
Software: Configuratio...
 

 
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export.

 
Low
CVE-2019-10361

Vendor: Jenkins
Software: M2release
 

 
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top