Total: 755 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7255 | 1 Amsn | 1 Amsn | 2010-06-03 | 4.6 MEDIUM | N/A |
login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. | |||||
CVE-2010-2083 | 1 Microsoft | 1 Dynamics Gp | 2010-05-27 | 4.0 MEDIUM | N/A |
Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2010-2082 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2010-05-27 | 5.0 MEDIUM | N/A |
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access. | |||||
CVE-2010-0510 | 1 Apple | 1 Mac Os X Server | 2010-03-31 | 9.0 HIGH | N/A |
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. | |||||
CVE-2010-0444 | 2 Hp, Sun | 2 Operations Agent, Solaris | 2010-02-13 | 10.0 HIGH | N/A |
HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2010-0557 | 1 Ibm | 1 Cognos Express | 2010-02-08 | 7.5 HIGH | N/A |
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. | |||||
CVE-2010-0229 | 1 Verbatim | 1 Corporate Secure | 2010-01-08 | 4.6 MEDIUM | N/A |
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | |||||
CVE-2009-4189 | 1 Hp | 1 Operations Manager | 2009-12-04 | 10.0 HIGH | N/A |
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843. | |||||
CVE-2009-4188 | 1 Hp | 1 Operations Dashboard | 2009-12-04 | 10.0 HIGH | N/A |
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098. | |||||
CVE-2009-4096 | 1 Scriptlerim | 1 Radio Isetek Scripti | 2009-12-02 | 7.5 HIGH | N/A |
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc. | |||||
CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2009-11-17 | 5.0 MEDIUM | N/A |
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | |||||
CVE-2009-3710 | 1 Riorey | 1 Rios | 2009-10-19 | 10.0 HIGH | N/A |
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022. | |||||
CVE-2009-1075 | 1 Sun | 1 Java System Identity Manager | 2009-10-06 | 5.0 MEDIUM | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2009-3166 | 1 Mozilla | 1 Bugzilla | 2009-09-19 | 5.0 MEDIUM | N/A |
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
CVE-2009-2945 | 1 Stanford | 1 Webauth | 2009-09-16 | 4.3 MEDIUM | N/A |
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
CVE-2008-7050 | 1 Wowraidmanager | 1 Wowraidmanager | 2009-08-24 | 7.5 HIGH | N/A |
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password. | |||||
CVE-2009-1933 | 1 Sun | 2 Opensolaris, Solaris | 2009-06-23 | 4.7 MEDIUM | N/A |
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors. | |||||
CVE-2009-1682 | 1 Apple | 1 Safari | 2009-06-19 | 4.3 MEDIUM | N/A |
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
CVE-2009-1273 | 1 Andrew J.korty | 1 Pam Ssh | 2009-05-13 | 5.0 MEDIUM | N/A |
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | |||||
CVE-2009-0617 | 1 Cisco | 1 Application Networking Manager | 2009-03-03 | 10.0 HIGH | N/A |
Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. |