ReportizFlow
Filtered by vendor
Subscriptions
Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0890 | 1 Ibm | 1 Sametime | 2025-04-12 | N/A |
| The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file. | ||||
| CVE-2013-7395 | 1 Zoll | 1 Monitor\/defibrillator | 2025-04-12 | N/A |
| ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). | ||||
| CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | ||||
| CVE-2014-1812 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2025-04-12 | 8.8 High |
| The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability." | ||||
| CVE-2014-0920 | 1 Ibm | 1 Spss Analytic Server | 2025-04-12 | N/A |
| IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-2871 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. | ||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2025-04-12 | N/A |
| SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | ||||
| CVE-2014-0694 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | N/A |
| Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. | ||||
| CVE-2007-6756 | 1 Zoll | 1 Monitor\/defibrillator | 2025-04-12 | N/A |
| ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). | ||||
| CVE-2013-7134 | 1 Phusion | 1 Juvia | 2025-04-12 | N/A |
| Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies. | ||||
| CVE-2014-8034 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. | ||||
| CVE-2014-8496 | 1 Digicom | 2 Dg-5514t Adsl Router, Dg-5514t Adsl Router Firmware | 2025-04-12 | N/A |
| Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack. | ||||
| CVE-2014-6098 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | N/A |
| IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | ||||
| CVE-2013-7382 | 1 Vicidial | 1 Vicidial | 2025-04-12 | N/A |
| VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2014-9251 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
| Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413. | ||||
| CVE-2016-1394 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | N/A |
| Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | ||||
| CVE-2014-4012 | 1 Sap | 1 Open Hub Service | 2025-04-12 | N/A |
| SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-4864 | 1 Netgear | 1 Prosafe Firmware | 2025-04-12 | N/A |
| The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. | ||||
| CVE-2015-2766 | 1 Websense | 1 Triton Ap Email | 2025-04-12 | N/A |
| The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | ||||
| CVE-2014-2942 | 1 Cobham | 2 Aviator 700d, Aviator 700e | 2025-04-12 | N/A |
| Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. | ||||