ReportizFlow
Filtered by vendor
Subscriptions
Total
1262 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8837 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | N/A |
| Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | ||||
| CVE-2017-5139 | 1 Honeywell | 1 Xl Web Ii Controller | 2025-04-20 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. | ||||
| CVE-2017-6046 | 1 Sierra Wireless | 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more | 2025-04-20 | N/A |
| An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure. | ||||
| CVE-2017-9136 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2025-04-20 | N/A |
| An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | ||||
| CVE-2017-7913 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2025-04-20 | N/A |
| A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext. | ||||
| CVE-2017-3760 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | ||||
| CVE-2017-5700 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2025-04-20 | N/A |
| Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | ||||
| CVE-2017-16731 | 1 Hitachienergy | 1 Ellipse | 2025-04-20 | N/A |
| An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | ||||
| CVE-2017-3214 | 1 Milwaukeetool | 1 One-key | 2025-04-20 | 7.5 High |
| The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | ||||
| CVE-2017-15272 | 1 Psftp | 1 Psftpd | 2025-04-20 | N/A |
| The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password. | ||||
| CVE-2017-9552 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". | ||||
| CVE-2017-1337 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
| IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. | ||||
| CVE-2017-6532 | 1 Televes | 2 Coaxdata Gateway 1gbps, Coaxdata Gateway 1gbps Firmware | 2025-04-20 | N/A |
| Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | ||||
| CVE-2017-7547 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Software Collections | 2025-04-20 | N/A |
| PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. | ||||
| CVE-2017-4966 | 3 Broadcom, Debian, Pivotal Software | 3 Rabbitmq Server, Debian Linux, Rabbitmq | 2025-04-20 | 7.8 High |
| An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. | ||||
| CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2025-04-20 | N/A |
| Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | ||||
| CVE-2017-11349 | 1 Datataker | 2 Dt8x, Dt8x Firmware | 2025-04-20 | N/A |
| dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | ||||
| CVE-2017-4923 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | N/A |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. This issue may allow plaintext credentials to be obtained when using the vCenter Server Appliance file-based backup feature. | ||||
| CVE-2017-14111 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2025-04-20 | N/A |
| The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements. | ||||
| CVE-2017-8225 | 1 Wificam | 2 Wireless Ip Camera \(p2p\), Wireless Ip Camera \(p2p\) Firmware | 2025-04-20 | N/A |
| On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI. | ||||