Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1135 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-11 N/A
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
CVE-2010-1383 2 Apple, Microsoft 5 Cfnetwork, Safari, Windows 7 and 2 more 2025-04-11 N/A
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
CVE-2013-3612 1 Dahuasecurity 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more 2025-04-11 N/A
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
CVE-2013-3279 1 Emc 1 Atmos 2025-04-11 N/A
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.
CVE-2010-1487 1 Ibm 1 Lotus Notes 2025-04-11 N/A
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
CVE-2010-1760 1 Apple 1 Webkit 2025-04-11 N/A
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
CVE-2013-3278 1 Emc 4 Geosynchrony, Vplex Geo, Vplex Local and 1 more 2025-04-11 N/A
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.
CVE-2010-1940 2 Apple, Microsoft 2 Safari, Windows 2025-04-11 N/A
Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2082 1 Cisco 1 Scientific Atlanta Webstar Dpc2100r2 2025-04-11 N/A
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access.
CVE-2010-2083 1 Microsoft 1 Dynamics Gp 2025-04-11 N/A
Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2010-2387 1 Gnome 1 Gnome Display Manager 2025-04-11 N/A
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
CVE-2010-2467 3 Linearcorp, S2sys, Sonitrol 4 Emerge 50, Emerge 5000, Netbox and 1 more 2025-04-11 N/A
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.
CVE-2010-2469 1 Linearcorp 2 Emerge 50, Emerge 5000 2025-04-11 N/A
The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device.
CVE-2012-1844 3 Dell, Ibm, Quantum 9 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 6 more 2025-04-11 N/A
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.
CVE-2012-2054 1 Redmine 1 Redmine 2025-04-11 N/A
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
CVE-2012-0794 1 Moodle 1 Moodle 2025-04-11 N/A
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.
CVE-2012-0402 1 Rsa 1 Envision 2025-04-11 N/A
EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors.
CVE-2010-2495 3 Canonical, Linux, Suse 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more 2025-04-11 N/A
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
CVE-2012-2173 1 Ibm 1 Security Appscan Source 2025-04-11 N/A
The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-2928 1 Vmware 1 Vcenter Server 2025-04-11 N/A
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.