Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2025-04-03 | 2.1 LOW | N/A |
| NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | |||||
| CVE-1999-1214 | 5 Bsd, Freebsd, Netbsd and 2 more | 5 Bsd, Freebsd, Netbsd and 2 more | 2025-04-03 | 2.1 LOW | N/A |
| The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||||
| CVE-2003-1401 | 1 Php Board | 1 Php Board | 2025-04-03 | 5.8 MEDIUM | N/A |
| login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2006-1002 | 1 Netgear | 1 Wgt624 | 2025-04-03 | 10.0 HIGH | N/A |
| NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. | |||||
| CVE-2003-1394 | 1 Coffeecup Software | 1 Coffeecup Password Wizard | 2025-04-03 | 5.0 MEDIUM | N/A |
| CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file. | |||||
| CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.5 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. | |||||
| CVE-2003-1482 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2025-04-03 | 4.6 MEDIUM | N/A |
| The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access. | |||||
| CVE-2002-2384 | 1 Hotfoon Corporation | 1 Hotfoon | 2025-04-03 | 3.6 LOW | N/A |
| hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. | |||||
| CVE-2004-2722 | 1 Nessus | 1 Nessus | 2025-04-03 | 2.1 LOW | N/A |
| Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue | |||||
| CVE-2003-1376 | 1 Winzip | 1 Winzip | 2025-04-03 | 4.6 MEDIUM | N/A |
| WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. | |||||
| CVE-2025-2555 | 2025-03-20 | 1.2 LOW | 2.9 LOW | ||
| A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers. | |||||
| CVE-2021-37000 | 1 Huawei | 1 Harmonyos | 2025-03-18 | N/A | 7.7 HIGH |
| Some Huawei wearables have a permission management vulnerability. | |||||
| CVE-2025-2355 | 2025-03-17 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11026 | 2 Free-now, Google | 2 Freenow, Android | 2024-11-23 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2019-7690 | 1 Mobatek | 1 Mobaxterm | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Password Protected SSH Private Key. | |||||
| CVE-2019-5456 | 1 Ui | 1 Unifi Controller | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later. | |||||
| CVE-2019-4381 | 1 Ibm | 1 I | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159. | |||||
| CVE-2019-13560 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. | |||||
| CVE-2018-6443 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console. | |||||
| CVE-2017-9385 | 1 Getvera | 4 Veraedge, Veraedge Firmware, Veralite and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges. | |||||