Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2082 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009. | ||||
| CVE-2011-2024 | 1 Cisco | 1 Cns Network Registrar | 2025-04-11 | N/A |
| Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | ||||
| CVE-2011-1906 | 1 Trustwave | 1 Webdefend | 2025-04-11 | N/A |
| Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | ||||
| CVE-2011-1835 | 2 Ecryptfs, Redhat | 3 Ecryptfs-utils, Ecryptfs Utils, Enterprise Linux | 2025-04-11 | N/A |
| The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. | ||||
| CVE-2011-1822 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | N/A |
| The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log. | ||||
| CVE-2011-1773 | 2 Matthew Booth, Redhat | 2 Virt-v2v, Enterprise Linux | 2025-04-11 | N/A |
| virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password. | ||||
| CVE-2011-1742 | 1 Emc | 1 Data Protection Advisor | 2025-04-11 | N/A |
| EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. | ||||
| CVE-2011-1690 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors. | ||||
| CVE-2011-1623 | 1 Cisco | 2 Media Experience Engine 5600, Media Processing Software | 2025-04-11 | N/A |
| Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737. | ||||
| CVE-2011-1560 | 1 Ibm | 1 Soliddb | 2025-04-11 | N/A |
| solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value. | ||||
| CVE-2011-1035 | 1 Pivotx | 1 Pivotx | 2025-04-11 | N/A |
| The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors. | ||||
| CVE-2011-1007 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout. | ||||
| CVE-2011-0951 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | N/A |
| The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. | ||||
| CVE-2011-0885 | 1 Smc Networks | 2 Smcd3g-ccr, Smcd3g-ccr Firmware | 2025-04-11 | N/A |
| A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface. | ||||
| CVE-2011-0756 | 1 Trustwave | 1 Webdefend | 2025-04-11 | N/A |
| The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port. | ||||
| CVE-2011-0423 | 1 Polyvision | 2 Roomwizard, Roomwizard Firmware | 2025-04-11 | N/A |
| The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | ||||
| CVE-2011-0412 | 1 Sun | 1 Sunos | 2025-04-11 | N/A |
| Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | ||||
| CVE-2010-5092 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database. | ||||
| CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." | ||||
| CVE-2010-5067 | 1 Vwar | 1 Virtual War | 2025-04-11 | N/A |
| Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie. | ||||