Total
736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2291 | 1 Symantec | 1 Altiris Deployment Solution | 2019-10-09 | 7.5 HIGH | N/A |
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | |||||
CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | |||||
CVE-2017-18470 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 8.8 HIGH |
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | |||||
CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | |||||
CVE-2014-4363 | 1 Apple | 2 Iphone Os, Safari | 2019-07-16 | 5.0 MEDIUM | N/A |
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | |||||
CVE-2017-6900 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2019-07-15 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to this, VAL0 and VAL1 should be sanitised to ensure they do not contain malicious characters. Passing it the username of '-' will cause it to time out and log the user in because of poor error handling. This will log the attacker in as an administrator where the telnet / ssh services can be enabled, and the credentials for local users can be reset. Also, login.cgi accepts the username as a GET parameter, so login can be achieved by browsing to the /cgi-bin/login.cgi?username=-%20a URI. | |||||
CVE-2017-9326 | 1 Cloudera | 1 Cloudera Manager | 2019-07-11 | 3.5 LOW | 7.5 HIGH |
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed. | |||||
CVE-2017-8229 | 1 Amcrest | 2 Ipm-721s, Ipm-721s Firmware | 2019-07-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication. | |||||
CVE-2013-4962 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 5.8 MEDIUM | N/A |
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors. | |||||
CVE-2013-4967 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 5.0 MEDIUM | N/A |
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes. | |||||
CVE-2016-2203 | 1 Symantec | 1 Messaging Gateway | 2019-06-25 | 2.1 LOW | 7.8 HIGH |
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | |||||
CVE-2016-3952 | 1 Web2py | 1 Web2py | 2019-06-21 | 2.1 LOW | 7.8 HIGH |
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. | |||||
CVE-2017-10718 | 1 Ishekar | 2 Endoscope Camera, Endoscope Camera Firmware | 2019-06-20 | 4.0 MEDIUM | 6.5 MEDIUM |
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. | |||||
CVE-2017-9385 | 1 Getvera | 4 Veraedge, Veraedge Firmware, Veralite and 1 more | 2019-06-20 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges. | |||||
CVE-2017-13717 | 1 Starry | 2 S00111, S00111 Firmware | 2019-06-11 | 4.3 MEDIUM | 8.8 HIGH |
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily. | |||||
CVE-2014-2226 | 1 Ui | 1 Unifi Controller | 2019-06-10 | 2.6 LOW | N/A |
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2018-6443 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2019-05-23 | 4.3 MEDIUM | 8.1 HIGH |
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console. | |||||
CVE-2015-6095 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8 and 4 more | 2019-05-17 | 4.9 MEDIUM | N/A |
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass." | |||||
CVE-2019-7690 | 1 Mobatek | 1 Mobaxterm | 2019-05-15 | 5.0 MEDIUM | 9.8 CRITICAL |
In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH Private Key. | |||||
CVE-2014-1812 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2019-05-13 | 9.0 HIGH | N/A |
The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability." |