ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection
Yealink VoIP Phone SIP-T38G Default Credentials
Ammyy Admin 3.2 Access Bypass
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
VMware Security team
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
Tandberg E, EX and C Series Endpoints Default Credentials for Root Account
RoomWizard Default Password and Sync Connector Credential Leak
SAP BusinessObjects Axis2 Default Admin Password
HD Moore (HD_Moore rap...
Synology Disk Station Web commands injection
AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
Linksys WAP54Gv3 Remote Debug Root Shell
Chrome Password Manager Cross Origin Weakness
Timothy D. Morgan
evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities
Peter Van Eeckhoutte
HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access
GNU libc glibc: NIS shadow password
Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow
news script HB-NS v1.3 Remote Admin Vulnerability
kurdish hackers team
Radio istek scripti 2.5 remote configuration disclosure
kurdish hackers team
Riorey "RIOS" Hardcoded Password Vulnerability
Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)
X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability
WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability
Gizmo SSL Certificate Vulnerability
Gabriel Menezes Nunes
Multiple Flaws in Axesstel MV 410R
Multiple Flaws in Huawei D100
Blogator-script 0.95 Change User Password Vulnerability
PHPRunner SQL Injection
Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities
Philips VOIP841 Multiple Vulnerabilities
luca carettoni securen...
Windows Mobile 6 insecure password handling and too short WLAN-password
Linksys/Cisco WRT350N 126.96.36.199 Insecure Samba Static Configuration
Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability
Crafty Syntax Live Help <= 2.14.6 SQL Injection
CVEMAP Search Results
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V188.8.131.52, and IBM Water Operations for Waternamics V5.1.0 - V184.108.40.206 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edit a page is able to exploit this issue to read arbitrary files on the server under the <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator's account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.