Total: 755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2630 | 1 Bandainamcogames | 1 Madomagi-ip Android | 2012-06-06 | 4.3 MEDIUM | N/A |
The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
CVE-2010-4965 | 1 Dlink | 2 Dcs-2121, Dcs-2121 Firmware | 2012-05-14 | 9.0 HIGH | N/A |
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | |||||
CVE-2008-7309 | 1 Insoshi | 1 Insoshi | 2012-04-12 | 5.0 MEDIUM | N/A |
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability. | |||||
CVE-2008-7311 | 1 Spreecommerce | 1 Spree | 2012-04-12 | 5.0 MEDIUM | N/A |
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file. | |||||
CVE-2012-2054 | 1 Redmine | 1 Redmine | 2012-04-05 | 5.0 MEDIUM | N/A |
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327. | |||||
CVE-2008-7310 | 1 Spreecommerce | 1 Spree | 2012-04-05 | 5.0 MEDIUM | N/A |
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability. | |||||
CVE-2012-1288 | 1 Utc | 1 Utc Fire & Security Ge-mc100-ntp/gps-zb Master Clock Device | 2012-02-27 | 10.0 HIGH | N/A |
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. | |||||
CVE-2011-4142 | 1 Emc | 1 Sourceone Email Management | 2012-01-19 | 2.1 LOW | N/A |
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2011-4678 | 1 Oneclickorgs | 1 One Click Orgs | 2011-12-08 | 5.0 MEDIUM | N/A |
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests. | |||||
CVE-2011-4555 | 1 Oneclickorgs | 1 One Click Orgs | 2011-12-08 | 4.0 MEDIUM | N/A |
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address. | |||||
CVE-2011-0354 | 1 Cisco | 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software | 2011-09-22 | 10.0 HIGH | N/A |
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. | |||||
CVE-2010-1383 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2011-07-22 | 9.3 HIGH | N/A |
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | |||||
CVE-2011-1906 | 1 Trustwave | 1 Webdefend | 2011-05-31 | 5.0 MEDIUM | N/A |
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | |||||
CVE-2011-0756 | 1 Trustwave | 1 Webdefend | 2011-05-31 | 5.0 MEDIUM | N/A |
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port. | |||||
CVE-2011-1822 | 1 Ibm | 1 Tivoli Directory Server | 2011-04-21 | 2.1 LOW | N/A |
The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log. | |||||
CVE-2010-4764 | 1 Otrs | 1 Otrs | 2011-03-22 | 5.0 MEDIUM | N/A |
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature. | |||||
CVE-2010-1760 | 1 Apple | 1 Webkit | 2011-03-18 | 10.0 HIGH | N/A |
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. | |||||
CVE-2006-6239 | 1 Mailenable | 2 Netwebadmin Enterprise, Netwebadmin Professional | 2011-03-10 | 7.5 HIGH | N/A |
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | |||||
CVE-2009-0054 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2011-03-08 | 4.3 MEDIUM | N/A |
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message. | |||||
CVE-2009-0015 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." |