Vulnerabilities (CVE)

CWE filter: CWE-255

1064 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-8950 1 Dasannetworks 1 H665 Firmware 2019-02-21 10.0
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to log in to the admin account via TELNET.
CVE-2019-6242 1 Kentico 1 Kentico 2019-02-21 4.0
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to...
CVE-2018-20371 1 Photorange Photo Vault Project 1 Photorange Photo Vault 2019-02-21 5.0
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET...
CVE-2019-7676 2019-02-20 6.5
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can log in via TCP port 8888 with the admin password for the admin account.
CVE-2019-4059 1 Ibm 1 Rational Clearcase 2019-02-20 5.0
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.
CVE-2019-8418 1 Seacms 1 Seacms 2019-02-20 4.0
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
CVE-2019-3782 2019-02-16 2.1
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file...
CVE-2019-1657 2019-02-15 4.0
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure...
CVE-2018-20393 1 Technicolor 8 Cga0101 Firmware, Cga0111 Firmware, Dpc3928sl Firmware and 5 more 2019-02-15 5.0
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I...
CVE-2018-20483 1 Gnu 1 Wget 2019-02-14 2.1
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g.,...
CVE-2018-0474 1 Cisco 1 Unified Communications Manager 2019-02-14 4.0
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved...
CVE-2018-7793 1 Schneider-electric 1 Foxview 2019-02-14 4.6
A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure,...
CVE-2018-20381 1 Technicolor 1 Dpc2320 Firmware 2019-02-14 5.0
Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20380 1 Ubeeinteractive 4 Ambit Ddw2600 Firmware, Ambit Ddw2602 Firmware, Ambit T60c926 Firmware and 1 more 2019-02-14 5.0
Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2019-7674 1 Mobotix 1 S14 Firmware 2019-02-13 5.0
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user.
CVE-2019-6549 2019-02-13 4.0
An attacker could retrieve plain-text credentials stored in an XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.
CVE-2018-20781 2019-02-12 5.0
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
CVE-2018-18767 1 D-link 2 Mydlink Baby Camera Monitor, Dcs-825l Firmware 2019-02-11 1.9
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the Wi-Fi camera (D-Link 825L firmware 1.08) with...
CVE-2018-18007 1 Dlink 1 Dsl-2770l Firmware 2019-02-11 5.0
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
CVE-2019-7648 1 Hotels Server Project 1 Hotels Server 2019-02-11 5.0
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.