Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2630 1 Bandainamcogames 1 Madomagi-ip Android 2025-04-11 N/A
The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2010-2467 3 Linearcorp, S2sys, Sonitrol 4 Emerge 50, Emerge 5000, Netbox and 1 more 2025-04-11 N/A
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.
CVE-2010-2495 3 Canonical, Linux, Suse 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more 2025-04-11 N/A
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
CVE-2012-2690 2 Libguestfs, Redhat 2 Libguestfs, Enterprise Linux 2025-04-11 N/A
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
CVE-2011-4515 1 Siemens 1 Wincc Tia Portal 2025-04-11 N/A
Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.
CVE-2010-3684 1 Synology 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more 2025-04-11 N/A
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453.
CVE-2010-2976 1 Cisco 1 Unified Wireless Network Solution Software 2025-04-11 N/A
The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.
CVE-2010-2928 1 Vmware 1 Vcenter Server 2025-04-11 N/A
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
CVE-2010-2469 1 Linearcorp 2 Emerge 50, Emerge 5000 2025-04-11 N/A
The Linear eMerge 50 and 5000 uses a default password of eMerge for the IEIeMerge account, which makes it easier for remote attackers to obtain Video Recorder data by establishing a session to the device.
CVE-2010-1383 2 Apple, Microsoft 5 Cfnetwork, Safari, Windows 7 and 2 more 2025-04-11 N/A
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
CVE-2009-4674 1 Mole-group 2 Bus Ticket Script, Sky Hunter Airline Ticket Sale Script 2025-04-11 N/A
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.
CVE-2009-3245 2 Openssl, Redhat 3 Openssl, Enterprise Linux, Jboss Enterprise Web Server 2025-04-11 N/A
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
CVE-2009-4770 1 Jasper 1 Httpdx 2025-04-11 N/A
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
CVE-2013-3502 1 Gwos 1 Groundwork Monitor 2025-04-11 N/A
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie.
CVE-2010-0510 1 Apple 1 Mac Os X Server 2025-04-11 N/A
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
CVE-2011-5204 1 Akiva 1 Webboard 2025-04-11 N/A
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
CVE-2011-0423 1 Polyvision 2 Roomwizard, Roomwizard Firmware 2025-04-11 N/A
The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214.
CVE-2012-2054 1 Redmine 1 Redmine 2025-04-11 N/A
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
CVE-2012-2299 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
CVE-2013-7305 1 E107 1 E107 2025-04-11 N/A
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.