Vulnerabilities (CVE)

CWE filter: CWE-255

948 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18754 1 Zyxel 1 Vmg3312-b10b Firmware 2018-12-07 5.0
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
CVE-2018-16669 2018-12-07 5.0
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml...
CVE-2018-17613 1 Telegram 1 Telegram Desktop 2018-12-06 5.0
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
CVE-2018-18375 1 Orange 1 Airbox Firmware 2018-12-06 5.0
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
CVE-2018-1223 2018-12-04 4.0
Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.
CVE-2018-18393 1 Moxa 1 Thingspro 2018-12-03 5.0
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-16987 1 Squashtest 1 Squash Tm 2018-11-30 4.0
Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.
CVE-2018-17900 1 Yokogawa 4 Fcj Firmware, Fcn-100 Firmware, Fcn-500 Firmware and 1 more 2018-11-30 5.0
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the web application improperly protects credentials, which could allow an attacker to obtain credentials for remote access to controllers.
CVE-2014-9195 2 Pheonixcontact-software, Phoenixcontact-software 4 Proconos Eclr, Multiprog, Multiprog and 1 more 2018-11-29 7.5
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.
CVE-2017-1231 1 Ibm 1 Bigfix Platform 2018-11-28 2.1
IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 123910.
CVE-2018-16946 1 Lg 1 Lnd7210 Firmware 2018-11-26 5.0
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup...
CVE-2018-18074 2 Python-requests, Canonical 2 Requests, Ubuntu Linux 2018-11-24 5.0
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
CVE-2018-1498 1 Ibm 1 Security Guardium 2018-11-21 2.1
IBM Security Guardium EcoSystem 10.5 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 141223.
CVE-2018-11086 1 Pivotal Software 1 Pivotal Application Service 2018-11-21 4.0
Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be...
CVE-2018-11088 1 Pivotal Software 1 Pivotal Application Service 2018-11-21 4.0
Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may...
CVE-2018-10814 1 Synametrics 1 Synaman 2018-11-21 2.1
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
CVE-2018-17107 2018-11-15 7.5
In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.
CVE-2018-17368 1 Publiccms 1 Publiccms 2018-11-15 5.0
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
CVE-2018-16608 1 Monstra 1 Monstra 2018-11-14 4.0
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an Insecure Direct Object Reference (IDOR) at admin/index.php?id=users&action=edit&user_id=1.
CVE-2017-17691 2018-11-14 4.3
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.