Total
737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4702 | 1 360systems | 3 Image Server 2000, Image Server Maxx, Maxx | 2025-04-11 | 10.0 HIGH | N/A |
| 360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session. | |||||
| CVE-2013-6687 | 1 Cisco | 1 Webex Meetings Server | 2025-04-11 | 4.0 MEDIUM | N/A |
| The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. | |||||
| CVE-2013-3279 | 1 Emc | 1 Atmos | 2025-04-11 | 5.0 MEDIUM | N/A |
| EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. | |||||
| CVE-2010-5080 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage." | |||||
| CVE-2013-5006 | 1 Westerndigital | 3 My Net N750, My Net N900, My Net N900c | 2025-04-11 | 4.3 MEDIUM | N/A |
| main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code. | |||||
| CVE-2013-3272 | 1 Emc | 1 Replication Manager | 2025-04-11 | 2.1 LOW | N/A |
| EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack. | |||||
| CVE-2012-4733 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.0 MEDIUM | N/A |
| Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors. | |||||
| CVE-2012-4362 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2025-04-11 | 4.0 MEDIUM | N/A |
| hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. | |||||
| CVE-2012-4952 | 1 Dentrix | 1 G5 | 2025-04-11 | 5.0 MEDIUM | N/A |
| Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation. | |||||
| CVE-2010-4115 | 1 Hp | 2 Storageworks Modular Smart Array P2000 G3, Storageworks Modular Smart Array P2000 G3 Firmware | 2025-04-11 | 9.0 HIGH | N/A |
| HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges. | |||||
| CVE-2010-0769 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 1.9 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. | |||||
| CVE-2013-2579 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
| CVE-2010-1940 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-11 | 4.3 MEDIUM | N/A |
| Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-1906 | 1 Trustwave | 1 Webdefend | 2025-04-11 | 5.0 MEDIUM | N/A |
| Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | |||||
| CVE-2010-4094 | 1 Ibm | 2 Rational Quality Manager, Rational Test Lab Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548. | |||||
| CVE-2013-2297 | 1 Eucalyptus | 1 Eustore | 2025-04-11 | 6.9 MEDIUM | N/A |
| Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069. | |||||
| CVE-2010-0510 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 9.0 HIGH | N/A |
| Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. | |||||
| CVE-2013-3505 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a (1) log file or (2) configuration file. | |||||
| CVE-2009-5021 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | 7.5 HIGH | N/A |
| Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | |||||
| CVE-2011-4678 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | 5.0 MEDIUM | N/A |
| The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests. | |||||