Total
736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7310 | 1 Spreecommerce | 1 Spree | 2012-04-05 | 5.0 MEDIUM | N/A |
| Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability. | |||||
| CVE-2012-1288 | 1 Utc | 1 Utc Fire \& Security Ge-mc100-ntp\/gps-zb Master Clock Device | 2012-02-26 | 10.0 HIGH | N/A |
| The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. | |||||
| CVE-2011-4142 | 1 Emc | 1 Sourceone Email Management | 2012-01-19 | 2.1 LOW | N/A |
| The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2011-4678 | 1 Oneclickorgs | 1 One Click Orgs | 2011-12-07 | 5.0 MEDIUM | N/A |
| The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests. | |||||
| CVE-2011-4555 | 1 Oneclickorgs | 1 One Click Orgs | 2011-12-07 | 4.0 MEDIUM | N/A |
| One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address. | |||||
| CVE-2011-0354 | 1 Cisco | 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software | 2011-09-21 | 10.0 HIGH | N/A |
| The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. | |||||
| CVE-2010-1383 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2011-07-21 | 9.3 HIGH | N/A |
| CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | |||||
| CVE-2011-0756 | 1 Trustwave | 1 Webdefend | 2011-05-30 | 5.0 MEDIUM | N/A |
| The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port. | |||||
| CVE-2011-1906 | 1 Trustwave | 1 Webdefend | 2011-05-30 | 5.0 MEDIUM | N/A |
| Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | |||||
| CVE-2011-1822 | 1 Ibm | 1 Tivoli Directory Server | 2011-04-21 | 2.1 LOW | N/A |
| The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log. | |||||
| CVE-2010-4764 | 1 Otrs | 1 Otrs | 2011-03-21 | 5.0 MEDIUM | N/A |
| Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature. | |||||
| CVE-2010-1760 | 1 Apple | 1 Webkit | 2011-03-17 | 10.0 HIGH | N/A |
| loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. | |||||
| CVE-2006-6239 | 1 Mailenable | 2 Netwebadmin Enterprise, Netwebadmin Professional | 2011-03-09 | 7.5 HIGH | N/A |
| webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | |||||
| CVE-2009-0015 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." | |||||
| CVE-2009-0054 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2011-03-07 | 4.3 MEDIUM | N/A |
| PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. | |||||
| CVE-2008-4646 | 1 Websense | 1 Enterpise | 2011-03-07 | 2.1 LOW | N/A |
| The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database. | |||||
| CVE-2008-3235 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | |||||
| CVE-2007-4994 | 1 Redhat | 1 Certificate Server | 2011-03-07 | 7.5 HIGH | N/A |
| Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL. | |||||
| CVE-2010-4733 | 1 Intellicom | 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more | 2011-02-14 | 10.0 HIGH | N/A |
| WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463. | |||||
| CVE-2010-4094 | 1 Ibm | 2 Rational Quality Manager, Rational Test Lab Manager | 2011-01-10 | 5.0 MEDIUM | N/A |
| The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548. | |||||