Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4952 1 Dentrix 1 G5 2025-04-11 N/A
Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation.
CVE-2012-0700 1 Ibm 2 Infosphere Fasttrack, Infosphere Information Server 2025-04-11 N/A
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.
CVE-2010-3319 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.
CVE-2011-3434 1 Apple 1 Iphone Os 2025-04-11 N/A
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
CVE-2012-0034 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more 2025-04-11 N/A
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.
CVE-2012-2054 1 Redmine 1 Redmine 2025-04-11 N/A
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
CVE-2012-2664 1 Redhat 2 Enterprise Linux, Sos 2025-04-11 N/A
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
CVE-2010-0510 1 Apple 1 Mac Os X Server 2025-04-11 N/A
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
CVE-2012-2299 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
CVE-2010-0557 1 Ibm 1 Cognos Express 2025-04-11 N/A
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
CVE-2013-1170 1 Cisco 2 Prime Network Control System, Prime Network Control System Software 2025-04-11 N/A
The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the configuration or cause a denial of service (service disruption) via unspecified vectors, aka Bug ID CSCtz30468.
CVE-2013-3279 1 Emc 1 Atmos 2025-04-11 N/A
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.
CVE-2013-3278 1 Emc 4 Geosynchrony, Vplex Geo, Vplex Local and 1 more 2025-04-11 N/A
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.
CVE-2013-5535 1 Cisco 3 Video Surveillance 4000 Ip Camera, Video Surveillance 4300e Ip Camera, Video Surveillance 4500e Ip Camera 2025-04-11 N/A
The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419.
CVE-2010-2928 1 Vmware 1 Vcenter Server 2025-04-11 N/A
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
CVE-2010-3264 1 Novell 1 Identity Manager 2025-04-11 N/A
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.
CVE-2013-2819 1 Sierrawireless 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more 2025-04-11 N/A
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
CVE-2010-4733 1 Intellicom 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more 2025-04-11 N/A
WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463.
CVE-2013-6034 6 Gatehouse, Harris, Hughes Network Systems and 3 more 9 Gatehouse, Bgan, 9201 and 6 more 2025-04-11 N/A
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.
CVE-2011-0885 1 Smc Networks 2 Smcd3g-ccr, Smcd3g-ccr Firmware 2025-04-11 N/A
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.