Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2630 1 Bandainamcogames 1 Madomagi-ip Android 2025-04-11 N/A
The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-2664 1 Redhat 2 Enterprise Linux, Sos 2025-04-11 N/A
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
CVE-2012-2690 2 Libguestfs, Redhat 2 Libguestfs, Enterprise Linux 2025-04-11 N/A
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
CVE-2012-2742 1 Mikel Olasagasti 1 Revelation 2025-04-11 N/A
Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.
CVE-2012-2743 1 Mikel Olasagasti 1 Revelation 2025-04-11 N/A
Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.
CVE-2012-3538 2 Cloudforms Tools, Redhat 2 1, Cloudforms 2025-04-11 N/A
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
CVE-2012-4362 1 Hp 2 San\/iq, Virtual San Appliance 2025-04-11 N/A
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
CVE-2012-4574 2 Cloudforms Tools, Redhat 3 1, Cloudforms, Rhui 2025-04-11 N/A
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
CVE-2013-4576 2 Gnupg, Redhat 2 Gnupg, Enterprise Linux 2025-04-11 N/A
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
CVE-2013-4616 1 Apple 1 Iphone Os 2025-04-11 N/A
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.
CVE-2013-4622 1 Htc 1 Droid Incredible 2025-04-11 N/A
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-4629 1 Huawei 2 Vp 9610, Vp 9620 2025-04-11 N/A
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.
CVE-2013-5400 1 Ibm 1 Platform Symphony 2025-04-11 N/A
An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors.
CVE-2013-5430 1 Ibm 1 Security Appscan 2025-04-11 N/A
The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details.
CVE-2012-3981 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt.
CVE-2012-4610 1 Emc 1 Avamar 2025-04-11 N/A
EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.
CVE-2012-4697 1 Turck 4 Bl20 Programmable Gateway, Bl20 Programmable Gateway Firmware, Bl67 Programmable Gateway and 1 more 2025-04-11 N/A
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2012-4702 1 360systems 3 Image Server 2000, Image Server Maxx, Maxx 2025-04-11 N/A
360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session.
CVE-2012-4733 1 Bestpractical 1 Rt 2025-04-11 N/A
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
CVE-2012-4856 1 Ibm 2 Power 5, Power 5 System Firmware 2025-04-11 N/A
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors.