CVE-2014-3413
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
Source: CVE-2014-3413
CVE-2018-4863
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesSophos Endpoint Defense registry key.
Source: CVE-2018-4863
CVE-2018-9233
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%SophosSophos Anti-VirusConfigmachine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
Source: CVE-2018-9233
CVE-2016-8366
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
Source: CVE-2016-8366
CVE-2018-3624
Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.
Source: CVE-2018-3624
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
Source: CVE-2016-8380
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
Source: CVE-2016-8371
CVE-2018-9244
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
Source: CVE-2018-9244
CVE-2018-9243
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
Source: CVE-2018-9243
CVE-2018-7035
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
Source: CVE-2018-7035