Total
771 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 10.0 HIGH | N/A |
| Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | |||||
| CVE-2003-1482 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2025-04-03 | 4.6 MEDIUM | N/A |
| The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access. | |||||
| CVE-1999-0994 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. | |||||
| CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2025-04-03 | 2.1 LOW | N/A |
| NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | |||||
| CVE-2002-2412 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.1 LOW | N/A |
| Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | |||||
| CVE-2003-1376 | 1 Winzip | 1 Winzip | 2025-04-03 | 4.6 MEDIUM | N/A |
| WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. | |||||
| CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2025-04-03 | 5.0 MEDIUM | N/A |
| ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | |||||
| CVE-2006-3203 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 10.0 HIGH | N/A |
| The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges. | |||||
| CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2025-04-03 | 5.0 MEDIUM | N/A |
| The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | |||||
| CVE-2003-1401 | 1 Php Board | 1 Php Board | 2025-04-03 | 5.8 MEDIUM | N/A |
| login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2002-2384 | 1 Hotfoon Corporation | 1 Hotfoon | 2025-04-03 | 3.6 LOW | N/A |
| hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. | |||||
| CVE-2002-2345 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
| Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | |||||
| CVE-2006-2481 | 1 Vmware | 1 Esx | 2025-04-03 | 5.0 MEDIUM | N/A |
| VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). | |||||
| CVE-2025-2555 | 2025-03-20 | 1.2 LOW | 2.9 LOW | ||
| A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers. | |||||
| CVE-2021-37000 | 1 Huawei | 1 Harmonyos | 2025-03-18 | N/A | 7.7 HIGH |
| Some Huawei wearables have a permission management vulnerability. | |||||
| CVE-2025-2355 | 2025-03-17 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11026 | 2 Free-now, Google | 2 Freenow, Android | 2024-11-23 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-25327 | 1 Google | 1 Fscrypt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above | |||||
| CVE-2021-28509 | 1 Arista | 45 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 42 more | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device. | |||||
| CVE-2021-28508 | 1 Arista | 45 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 42 more | 2024-11-21 | 3.6 LOW | 6.8 MEDIUM |
| This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device. | |||||