Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3897 1 Ibm 1 Omnifind 2025-04-11 N/A
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file.
CVE-2010-3912 1 Novell 1 Suse Linux 2025-04-11 N/A
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
CVE-2010-3925 1 Wb-i 1 Contents-mall 2025-04-11 N/A
Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors.
CVE-2010-4733 1 Intellicom 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more 2025-04-11 N/A
WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463.
CVE-2010-4764 1 Otrs 1 Otrs 2025-04-11 N/A
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.
CVE-2011-0756 1 Trustwave 1 Webdefend 2025-04-11 N/A
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.
CVE-2011-1035 1 Pivotx 1 Pivotx 2025-04-11 N/A
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
CVE-2011-1906 1 Trustwave 1 Webdefend 2025-04-11 N/A
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
CVE-2011-2024 1 Cisco 1 Cns Network Registrar 2025-04-11 N/A
Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627.
CVE-2011-2082 1 Bestpractical 1 Rt 2025-04-11 N/A
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.
CVE-2011-2555 1 Cisco 1 Telepresence Recording Server Software 2025-04-11 N/A
Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182.
CVE-2011-3245 1 Apple 1 Iphone Os 2025-04-11 N/A
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
CVE-2011-3255 1 Apple 1 Iphone Os 2025-04-11 N/A
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
CVE-2011-3290 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2025-04-11 N/A
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
CVE-2011-3435 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.
CVE-2011-3429 1 Apple 1 Iphone Os 2025-04-11 N/A
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
CVE-2011-3434 1 Apple 1 Iphone Os 2025-04-11 N/A
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
CVE-2011-4142 1 Emc 1 Sourceone Email Management 2025-04-11 N/A
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.
CVE-2011-4730 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in admin/reseller/login-info/ and certain other files.
CVE-2011-4739 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files.