Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4007 1 Sap 1 Upgrade Tools 2025-04-12 N/A
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4366 1 Apple 1 Iphone Os 2025-04-12 N/A
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVE-2014-4811 1 Ibm 5 San Volume Controller Software, Storwize V3500, Storwize V3700 and 2 more 2025-04-12 N/A
IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.
CVE-2014-4822 1 Ibm 2 Websphere Mq, Websphere Mq Explorer 2025-04-12 N/A
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
CVE-2014-8527 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password."
CVE-2014-9006 1 Monstra 1 Monstra 2025-04-12 N/A
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
CVE-2014-9251 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413.
CVE-2014-9406 1 Arris 2 Touchstone Tg862g\/ct, Touchstone Tg862g\/ct Firmware 2025-04-12 N/A
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php.
CVE-2015-0930 1 Servision 2 Hvg400, Hvg Video Gateway Firmware 2025-04-12 N/A
The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session.
CVE-2015-1455 1 Fortinet 1 Fortiauthenticator 2025-04-12 N/A
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-1950 1 Ibm 1 Powervc 2025-04-12 N/A
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.
CVE-2015-2012 1 Ibm 1 Websphere Mq 2025-04-12 N/A
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
CVE-2015-5988 1 Zyxel 1 Gs1900-10hp Firmware 2025-04-12 N/A
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2015-6032 1 Qolsys 1 Iq Panel 2025-04-12 N/A
Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.
CVE-2016-0049 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2025-04-12 N/A
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
CVE-2016-0865 1 Tollgrade 1 Smartgrid Lighthouse Sensor Management System 2025-04-12 N/A
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors.
CVE-2003-1603 1 Gehealthcare 1 Discovery Vh 2025-04-12 N/A
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
CVE-2015-2864 1 Retrospect 2 Retrospect, Retrospect Client 2025-04-12 N/A
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.
CVE-2014-4018 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2025-04-12 N/A
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2013-7395 1 Zoll 1 Monitor\/defibrillator 2025-04-12 N/A
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).