Total
725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3454 | 1 Cisco | 11 Telepresence System 1300, Telepresence System 1300-65, Telepresence System 3000 and 8 more | 2024-11-21 | 10.0 HIGH | N/A |
| Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | |||||
| CVE-2013-3409 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2024-11-21 | 4.3 MEDIUM | N/A |
| The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230. | |||||
| CVE-2013-3279 | 1 Emc | 1 Atmos | 2024-11-21 | 5.0 MEDIUM | N/A |
| EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. | |||||
| CVE-2013-3278 | 1 Emc | 4 Geosynchrony, Vplex Geo, Vplex Local and 1 more | 2024-11-21 | 4.9 MEDIUM | N/A |
| EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file. | |||||
| CVE-2013-3273 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2024-11-21 | 2.1 LOW | N/A |
| EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file. | |||||
| CVE-2013-3272 | 1 Emc | 1 Replication Manager | 2024-11-21 | 2.1 LOW | N/A |
| EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack. | |||||
| CVE-2013-3271 | 1 Emc | 1 Rsa Authentication Agent | 2024-11-21 | 5.0 MEDIUM | N/A |
| EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack. | |||||
| CVE-2013-3038 | 1 Ibm | 1 Rational Requirements Composer | 2024-11-21 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. | |||||
| CVE-2013-2959 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-2951 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621. | |||||
| CVE-2013-2819 | 1 Sierrawireless | 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more | 2024-11-21 | 9.3 HIGH | N/A |
| The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action. | |||||
| CVE-2013-2762 | 1 Schneider-electric | 1 Magelis Xbt Hmi | 2024-11-21 | 10.0 HIGH | N/A |
| The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | |||||
| CVE-2013-2579 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
| TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2013-2562 | 1 Mambo-foundation | 1 Mambo Cms | 2024-11-21 | 2.1 LOW | N/A |
| Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-2352 | 3 Dell, Hp, Ibm | 20 Poweredge 2950, Dl320s, Lefthand Nsm2060 and 17 more | 2024-11-21 | 9.4 HIGH | N/A |
| LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password. | |||||
| CVE-2013-2342 | 1 Hp | 1 Storeonce D2d | 2024-11-21 | 7.7 HIGH | N/A |
| The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete data via an SSH session. | |||||
| CVE-2013-2297 | 1 Eucalyptus | 1 Eustore | 2024-11-21 | 6.9 MEDIUM | N/A |
| Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069. | |||||
| CVE-2013-1815 | 1 Redhat | 3 Openstack Essex, Openstack Folsom, Packstack | 2024-11-21 | 4.4 MEDIUM | N/A |
| PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. | |||||
| CVE-2013-1649 | 1 Open-xchange | 1 Open-xchange Server | 2024-11-21 | 4.3 MEDIUM | N/A |
| Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||||
| CVE-2013-1430 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. | |||||