Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8600 1 Dotcms 1 Dotcms 2025-04-12 N/A
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
CVE-2016-9861 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVE-2014-2264 1 Synology 1 Diskstation Manager 2025-04-12 N/A
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
CVE-2013-1430 2 Debian, Neutrinolabs 2 Debian Linux, Xrdp 2025-04-12 N/A
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
CVE-2013-4440 1 Pwgen Project 1 Pwgen 2025-04-12 N/A
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.
CVE-2014-2942 1 Cobham 2 Aviator 700d, Aviator 700e 2025-04-12 N/A
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.
CVE-2013-7395 1 Zoll 1 Monitor\/defibrillator 2025-04-12 N/A
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).
CVE-2013-7404 1 Gehealthcare 1 Discovery Nm 750b 2025-04-12 N/A
GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2013-7405 1 Gehealthcare 1 Centricity Dms 2025-04-12 N/A
The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2014-0347 1 Websense 5 Triton Unified Security Center, Triton Web Filter, Triton Web Security and 2 more 2025-04-12 N/A
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
CVE-2014-0354 1 Zyxel 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware 2025-04-12 N/A
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.
CVE-2014-2752 1 Sap 1 Business Object Processing Framework For Abap 2025-04-12 N/A
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-1849 1 Foscam 1 Ip Camera Firmware 2025-04-12 N/A
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.
CVE-2014-4875 1 Toshiba 1 Chec 2025-04-12 N/A
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
CVE-2014-8583 1 Modwsgi 1 Mod Wsgi 2025-04-12 N/A
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
CVE-2015-2012 1 Ibm 1 Websphere Mq 2025-04-12 N/A
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
CVE-2014-9248 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.
CVE-2014-9251 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413.
CVE-2015-0924 1 Ceragon 3 Fiberair Ip-10c, Fiberair Ip-10e, Fiberair Ip-10g 2025-04-12 N/A
Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.
CVE-2015-0930 1 Servision 2 Hvg400, Hvg Video Gateway Firmware 2025-04-12 N/A
The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session.