Total
771 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8366 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-11-21 | N/A |
| Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. | ||||
| CVE-2016-7043 | 1 Redhat | 1 Kie-server | 2024-11-21 | N/A |
| It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services. | ||||
| CVE-2016-6599 | 1 Bmc | 1 Track-it\! | 2024-11-21 | N/A |
| BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments. | ||||
| CVE-2016-6554 | 1 Synology | 6 Ds107, Ds107 Firmware, Ds116 and 3 more | 2024-11-21 | N/A |
| Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device. | ||||
| CVE-2016-6553 | 1 Nuuo | 2 Nt-4040 Titan, Nt-4040 Titan Firmware | 2024-11-21 | N/A |
| Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device. | ||||
| CVE-2016-6552 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2024-11-21 | N/A |
| Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. | ||||
| CVE-2016-6551 | 1 Intelliantech | 26 T100q, T100q Firmware, T100w and 23 more | 2024-11-21 | N/A |
| Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device. | ||||
| CVE-2016-6547 | 1 Nutspace | 1 Nut Mobile | 2024-11-21 | N/A |
| The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. | ||||
| CVE-2016-6546 | 1 Kkmcn | 1 Itrackeasy | 2024-11-21 | N/A |
| The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext. | ||||
| CVE-2016-6538 | 1 Thetrackr | 2 Trackr Bravo, Trackr Bravo Firmware | 2024-11-21 | N/A |
| The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | ||||
| CVE-2016-3952 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A |
| web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. | ||||
| CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | ||||
| CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | ||||
| CVE-2016-10526 | 1 Grunt-gh-pages Project | 1 Grunt-gh-pages | 2024-11-21 | N/A |
| A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. | ||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-11-21 | 10.0 Critical |
| MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | ||||
| CVE-2015-9278 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | ||||
| CVE-2015-9240 | 1 Keystonejs | 1 Keystone | 2024-11-21 | N/A |
| Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. | ||||
| CVE-2015-4400 | 1 Ring | 2 Ring, Ring Firmware | 2024-11-21 | N/A |
| Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module. | ||||
| CVE-2015-1320 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | N/A |
| The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. | ||||
| CVE-2014-8335 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-11-21 | N/A |
| (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||