Total
771 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5848 | 1 Advantech | 14 Adam-6015, Adam-6017, Adam-6018 and 11 more | 2025-04-09 | 10.0 HIGH | N/A |
| The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. | |||||
| CVE-2007-6096 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 5.0 MEDIUM | N/A |
| Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. | |||||
| CVE-2008-4874 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2025-04-09 | 5.0 MEDIUM | N/A |
| The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2009-3710 | 1 Riorey | 1 Rios | 2025-04-09 | 10.0 HIGH | N/A |
| RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022. | |||||
| CVE-2008-5871 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2025-04-09 | 6.4 MEDIUM | N/A |
| Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | |||||
| CVE-2008-6818 | 1 Mole-group | 1 Real Estate Script | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0015 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." | |||||
| CVE-2008-1390 | 1 Asterisk | 5 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. | |||||
| CVE-2008-3059 | 1 Octeth | 1 Oempro | 2025-04-09 | 4.0 MEDIUM | N/A |
| member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab. | |||||
| CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||||
| CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2025-04-09 | 5.8 MEDIUM | N/A |
| TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | |||||
| CVE-2008-5847 | 1 Constructr | 1 Constructr-cms | 2025-04-09 | 2.6 LOW | N/A |
| Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column. | |||||
| CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2025-04-09 | 6.8 MEDIUM | N/A |
| Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | |||||
| CVE-2007-6267 | 1 Citrix | 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server | 2025-04-09 | 2.1 LOW | N/A |
| Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. | |||||
| CVE-2008-1529 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2025-04-09 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods. | |||||
| CVE-2010-0224 | 1 Sandisk | 1 Cruzer Enterprise Usb | 2025-04-09 | 4.6 MEDIUM | N/A |
| SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | |||||
| CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2025-04-09 | 7.1 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | |||||
| CVE-2009-4304 | 1 Moodle | 1 Moodle | 2025-04-09 | 7.5 HIGH | N/A |
| Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | |||||
| CVE-2008-1543 | 1 Airspan | 7 Easy St, Easy St-2, Prost and 4 more | 2025-04-09 | 7.5 HIGH | N/A |
| The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262. | |||||
| CVE-2008-1184 | 1 Dnssec-tools | 1 Dnssec-tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | |||||