Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4091 | 1 Imperva | 1 Securesphere | 2025-04-11 | 7.5 HIGH | N/A |
| The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2013-3615 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2025-04-11 | 7.8 HIGH | N/A |
| Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. | |||||
| CVE-2012-2284 | 2 Emc, Microsoft | 2 Networker Module For Microsoft Applications, Exchange Server | 2025-04-11 | 2.1 LOW | N/A |
| The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | |||||
| CVE-2013-2959 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4651 | 1 Siemens | 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more | 2025-04-11 | 6.6 MEDIUM | N/A |
| Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. | |||||
| CVE-2013-6884 | 1 Cru-inc | 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware | 2025-04-11 | 10.0 HIGH | N/A |
| The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. | |||||
| CVE-2013-3454 | 1 Cisco | 11 Telepresence System 1300, Telepresence System 1300-65, Telepresence System 3000 and 8 more | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | |||||
| CVE-2013-3038 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. | |||||
| CVE-2011-2024 | 1 Cisco | 1 Cns Network Registrar | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | |||||
| CVE-2012-3720 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account. | |||||
| CVE-2010-3122 | 1 Devonit | 1 Thin-client Management Tool | 2025-04-11 | 5.0 MEDIUM | N/A |
| The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network. | |||||
| CVE-2013-1815 | 1 Redhat | 3 Openstack Essex, Openstack Folsom, Packstack | 2025-04-11 | 4.4 MEDIUM | N/A |
| PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. | |||||
| CVE-2013-5535 | 1 Cisco | 3 Video Surveillance 4000 Ip Camera, Video Surveillance 4300e Ip Camera, Video Surveillance 4500e Ip Camera | 2025-04-11 | 6.4 MEDIUM | N/A |
| The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. | |||||
| CVE-2011-1690 | 1 Bestpractical | 1 Rt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors. | |||||
| CVE-2008-7311 | 1 Spreecommerce | 1 Spree | 2025-04-11 | 5.0 MEDIUM | N/A |
| The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file. | |||||
| CVE-2012-4588 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2025-04-11 | 4.3 MEDIUM | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames. | |||||
| CVE-2013-5450 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 4.0 MEDIUM | N/A |
| IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token. | |||||
| CVE-2013-3455 | 1 Cisco | 1 Finesse | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732. | |||||
| CVE-2012-4733 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.0 MEDIUM | N/A |
| Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | |||||
| CVE-2011-4966 | 1 Freeradius | 1 Freeradius | 2025-04-11 | 6.0 MEDIUM | N/A |
| modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. | |||||