Search Results (2336 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-5066 1 Redhat 5 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more 2025-04-11 N/A
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
CVE-2009-5078 2 Apple, Gnu 2 Mac Os X, Groff 2025-04-11 N/A
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
CVE-2010-0113 2 Google, Symantec 2 Android, Mobile Security 2025-04-11 N/A
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.
CVE-2010-0124 1 Timeclock-software 1 Employee Timeclock Software 2025-04-11 N/A
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
CVE-2010-0141 1 Cisco 1 Unified Meetingplace 2025-04-11 N/A
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.
CVE-2010-0769 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
CVE-2010-1487 1 Ibm 1 Lotus Notes 2025-04-11 N/A
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
CVE-2010-1507 1 Novell 2 Suse Linux, Webyast Appliance 2025-04-11 N/A
WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
CVE-2010-2387 1 Gnome 1 Gnome Display Manager 2025-04-11 N/A
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
CVE-2010-2928 1 Vmware 1 Vcenter Server 2025-04-11 N/A
The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file.
CVE-2010-3318 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-3319 1 Ibm 1 Filenet Content Manager 2025-04-11 N/A
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file.
CVE-2010-4094 1 Ibm 2 Rational Quality Manager, Rational Test Lab Manager 2025-04-11 N/A
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
CVE-2010-4115 1 Hp 2 Storageworks Modular Smart Array P2000 G3, Storageworks Modular Smart Array P2000 G3 Firmware 2025-04-11 N/A
HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.
CVE-2010-4233 2 Camtron, Tecvoz 4 Cmnc-200, Cmnc-200 Firmware, Cmnc-200 and 1 more 2025-04-11 N/A
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
CVE-2010-4764 1 Otrs 1 Otrs 2025-04-11 N/A
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.
CVE-2010-4965 1 Dlink 2 Dcs-2121, Dcs-2121 Firmware 2025-04-11 N/A
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
CVE-2011-0354 1 Cisco 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software 2025-04-11 N/A
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.
CVE-2011-0412 1 Sun 1 Sunos 2025-04-11 N/A
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
CVE-2011-0423 1 Polyvision 2 Roomwizard, Roomwizard Firmware 2025-04-11 N/A
The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214.