Total
756 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0085 | 1 Redhat | 3 Jboss A-mq, Jboss Amq, Jboss Fuse | 2024-08-06 | N/A |
| JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log. | ||||
| CVE-2014-0008 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | ||||
| CVE-2015-9278 | 1 Mailenable | 1 Mailenable | 2024-08-06 | N/A |
| MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request. | ||||
| CVE-2015-8945 | 1 Openshift | 1 Origin | 2024-08-06 | N/A |
| openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal. | ||||
| CVE-2015-8673 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2024-08-06 | N/A |
| Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | ||||
| CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2024-08-06 | N/A |
| Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | ||||
| CVE-2015-8626 | 1 Mediawiki | 1 Mediawiki | 2024-08-06 | N/A |
| The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2015-8611 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2024-08-06 | N/A |
| BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password. | ||||
| CVE-2015-8362 | 1 Harman | 1 Amx Firmware | 2024-08-06 | N/A |
| The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984. | ||||
| CVE-2015-8282 | 1 Seawell Networks | 1 Spectrum Sdc | 2024-08-06 | N/A |
| SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | ||||
| CVE-2015-8289 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2024-08-06 | N/A |
| The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | ||||
| CVE-2015-8109 | 1 Lenovo | 1 Lenovo System Update | 2024-08-06 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." | ||||
| CVE-2015-8009 | 1 Mediawiki | 1 Mediawiki | 2024-08-06 | N/A |
| The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | ||||
| CVE-2015-7906 | 1 Loytec | 5 L-switch And L-ip Firmware, Linx-100, Lip-3ectb and 2 more | 2024-08-06 | N/A |
| LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors. | ||||
| CVE-2015-7911 | 1 Saia Burgess Controls | 28 Pcd1.m0xx0, Pcd1.m0xx0 Firmware, Pcd1.m2xx0 and 25 more | 2024-08-06 | N/A |
| Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | ||||
| CVE-2015-7921 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2024-08-06 | 9.1 Critical |
| The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | ||||
| CVE-2015-7915 | 1 Sauter | 1 Moduweb Vision | 2024-08-06 | N/A |
| Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2015-7819 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-08-06 | N/A |
| The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. | ||||
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2024-08-06 | N/A |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | ||||
| CVE-2015-7283 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2024-08-06 | N/A |
| The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | ||||