Total: 736 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6687 | 1 Cisco | 1 Webex Meetings Server | 2014-01-17 | 4.0 MEDIUM | N/A |
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. | |||||
CVE-2013-2819 | 1 Sierrawireless | 19 Airlink Mp At&t, Airlink Mp At&t Wifi, Airlink Mp Bell and 16 more | 2014-01-16 | 9.3 HIGH | N/A |
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. | |||||
CVE-2013-5037 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 3.3 LOW | N/A |
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | |||||
CVE-2013-7004 | 1 D-link | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2013-12-19 | 7.8 HIGH | N/A |
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | |||||
CVE-2013-5636 | 1 Checkpoint | 1 Endpoint Security | 2013-12-02 | 3.3 LOW | N/A |
Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses. | |||||
CVE-2013-5635 | 1 Checkpoint | 1 Endpoint Security | 2013-12-02 | 3.3 LOW | N/A |
Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously. | |||||
CVE-2013-3505 | 1 Gwos | 1 Groundwork Monitor | 2013-11-24 | 4.0 MEDIUM | N/A |
The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a (1) log file or (2) configuration file. | |||||
CVE-2013-5193 | 1 Apple | 1 Iphone Os | 2013-11-19 | 4.7 MEDIUM | N/A |
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | |||||
CVE-2013-5558 | 1 Cisco | 1 Telepresence Vx Clinical Assistant | 2013-11-08 | 10.0 HIGH | N/A |
The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238. | |||||
CVE-2013-3502 | 1 Gwos | 1 Groundwork Monitor | 2013-11-02 | 6.5 MEDIUM | N/A |
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie. | |||||
CVE-2013-4616 | 1 Apple | 1 Iphone Os | 2013-10-25 | 5.8 MEDIUM | N/A |
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. | |||||
CVE-2013-5535 | 1 Cisco | 3 Video Surveillance 4000 Ip Camera, Video Surveillance 4300e Ip Camera, Video Surveillance 4500e Ip Camera | 2013-10-17 | 6.4 MEDIUM | N/A |
The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. | |||||
CVE-2013-3279 | 1 Emc | 1 Atmos | 2013-10-17 | 5.0 MEDIUM | N/A |
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. | |||||
CVE-2013-2579 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2013-10-15 | 10.0 HIGH | N/A |
TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2013-3272 | 1 Emc | 1 Replication Manager | 2013-10-11 | 2.1 LOW | N/A |
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack. | |||||
CVE-2012-4879 | 1 Wago | 1 Wago I/o System 758 Industrial Pc Device | 2013-10-11 | 10.0 HIGH | N/A |
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | |||||
CVE-2013-3409 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2013-10-10 | 4.3 MEDIUM | N/A |
The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230. | |||||
CVE-2012-3013 | 1 Wago | 1 Wago I/o System 758 Industrial Pc Device | 2013-10-08 | 10.0 HIGH | N/A |
WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. | |||||
CVE-2013-3271 | 1 Emc | 1 Rsa Authentication Agent | 2013-10-07 | 5.0 MEDIUM | N/A |
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack. | |||||
CVE-2013-3585 | 1 Samsung | 2 Dvr, Smart Viewer | 2013-10-07 | 5.0 MEDIUM | N/A |
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. |