CWE:
 

Tytuł
Data
Autor
High
ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection
16.08.2018
Kyle Lovett
High
Yealink VoIP Phone SIP-T38G Default Credentials
18.07.2014
RingZer0 Team
High
Ammyy Admin 3.2 Access Bypass
21.01.2014
Bhadresh Patel
Low
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
16.02.2011
VMware Security team
High
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
10.02.2011
Trustwave's SpiderLabs
High
Tandberg E, EX and C Series Endpoints Default Credentials for Root Account
05.02.2011
Cisco Security
High
RoomWizard Default Password and Sync Connector Credential Leak
15.01.2011
Sean Lam
High
SAP BusinessObjects Axis2 Default Admin Password
18.10.2010
HD Moore (HD_Moore rap...
Low
Synology Disk Station Web commands injection
02.10.2010
Rodrigo Branco
High
AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities
22.07.2010
MaXe
High
Linksys WAP54Gv3 Remote Debug Root Shell
13.06.2010
Cristofaro Mune
Low
Chrome Password Manager Cross Origin Weakness
20.02.2010
Timothy D. Morgan
High
evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities
14.02.2010
Peter Van Eeckhoutte
High
HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access
11.02.2010
HP
High
GNU libc glibc: NIS shadow password
18.01.2010
Christoph Pleger
High
Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow
31.12.2009
Reversemode
High
news script HB-NS v1.3 Remote Admin Vulnerability
15.12.2009
kurdish hackers team
High
Radio istek scripti 2.5 remote configuration disclosure
27.11.2009
kurdish hackers team
High
Riorey \"RIOS\" Hardcoded Password Vulnerability
19.10.2009
Marek Kroemeke
High
Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)
15.08.2009
Raz0r
Med.
X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability
14.08.2009
THUNDER
Med.
WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability
11.08.2009
Laurent Gaffi
Med.
Gizmo SSL Certificate Vulnerability
11.07.2009
Gabriel Menezes Nunes
High
Multiple Flaws in Axesstel MV 410R
03.07.2009
Filip Palian
High
Multiple Flaws in Huawei D100
01.07.2009
Filip Palian
Med.
Blogator-script 0.95 Change User Password Vulnerbility
18.03.2009
hadihadi zedehal
Med.
PHPRunner SQL Injection
18.03.2009
AmnPardaz
Low
Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities
07.01.2009
nukeit
Med.
Philips VOIP841 Multiple Vulnerabilities
03.11.2008
luca carettoni securen...
Low
Windows Mobile 6 insecure password handling and too short WLAN-password
09.10.2008
MC Iglo
High
Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration
28.09.2008
Teh Kotak
Med.
Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability
30.08.2008
SirGod
Med.
Crafty Syntax Live Help <= 2.14.6 SQL Injection
26.08.2008
GulfTech


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2019-09-06
Medium
CVE-2019-16060

Vendor: Airbrake
Software: Airbrake ruby
 

 
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and earlier are unaffected).

 
2019-09-05
Low
CVE-2019-13349

Vendor: Knowage-suite
Software: Knowage
 

 
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.

 
Medium
CVE-2019-4321

Vendor: IBM
Software: Intelligent ...
 

 
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 161201.

 
2019-09-04
Medium
CVE-2019-1976

Vendor: Cisco
Software: Network leve...
 

 
A vulnerability in the &ldquo;plug-and-play&rdquo; services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.

 
2019-08-29
Low
CVE-2019-3394

Vendor: Atlassian
Software: Confluence
 

 
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.

 
Medium
CVE-2019-15805

Vendor: Arris
Software: Tr4400 firmware
 

 
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.

 
2019-08-28
Medium
CVE-2019-15294

Updating...
 

 
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.

 
Low
CVE-2019-13348

Vendor: ENG
Software: Knowage
 

 
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.

 
Medium
CVE-2019-11064

Vendor: Androvideo
Software: Vd 1 firmware
 

 
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator?s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.

 
2019-08-26
Medium
CVE-2019-4169

Vendor: IBM
Software: Open power
 

 
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away from the default password. IBM X-Force ID: 158702.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top