Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0128 | 1 Tigertext | 1 Tigertext | 2025-04-11 | N/A |
| The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to an e-mail endpoint. | ||||
| CVE-2013-3625 | 1 Baramundi | 1 Management Suite | 2025-04-11 | N/A |
| An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. | ||||
| CVE-2013-0678 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query. | ||||
| CVE-2012-4733 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | ||||
| CVE-2012-4697 | 1 Turck | 4 Bl20 Programmable Gateway, Bl20 Programmable Gateway Firmware, Bl67 Programmable Gateway and 1 more | 2025-04-11 | N/A |
| TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session. | ||||
| CVE-2011-1623 | 1 Cisco | 2 Media Experience Engine 5600, Media Processing Software | 2025-04-11 | N/A |
| Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737. | ||||
| CVE-2012-4879 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2025-04-11 | N/A |
| The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. | ||||
| CVE-2012-4577 | 1 Korenix | 1 Jetport | 2025-04-11 | N/A |
| The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. | ||||
| CVE-2012-4362 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2025-04-11 | N/A |
| hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. | ||||
| CVE-2012-4074 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. | ||||
| CVE-2012-3720 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account. | ||||
| CVE-2012-3020 | 1 Siemens | 2 Synco Ozw Web Server, Synco Ozw Web Server Firmware | 2025-04-11 | N/A |
| The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. | ||||
| CVE-2008-7310 | 1 Spreecommerce | 1 Spree | 2025-04-11 | N/A |
| Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability. | ||||
| CVE-2013-2762 | 1 Schneider-electric | 1 Magelis Xbt Hmi | 2025-04-11 | N/A |
| The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | ||||
| CVE-2012-2743 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | ||||
| CVE-2012-2664 | 1 Redhat | 2 Enterprise Linux, Sos | 2025-04-11 | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | ||||
| CVE-2012-2630 | 1 Bandainamcogames | 1 Madomagi-ip Android | 2025-04-11 | N/A |
| The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2012-2299 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-11 | N/A |
| The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. | ||||
| CVE-2012-4856 | 1 Ibm | 2 Power 5, Power 5 System Firmware | 2025-04-11 | N/A |
| The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-5400 | 1 Ibm | 1 Platform Symphony | 2025-04-11 | N/A |
| An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors. | ||||