Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-5310 1 Gehealthcare 1 Revolution Xq\/i 2025-04-12 N/A
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2010-5318 1 Basic-cms 1 Sweetrice 2025-04-12 N/A
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
CVE-2012-3359 1 Redhat 3 Conga, Enterprise Linux, Rhel Cluster 2025-04-12 N/A
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
CVE-2013-5755 1 Yealink 1 Sip-t38g 2025-04-12 N/A
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-2212 1 Posh Project 1 Posh 2025-04-12 N/A
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
CVE-2014-2224 1 Plogger 1 Plogger 2025-04-12 N/A
Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions.
CVE-2014-2226 1 Ui 1 Unifi Controller 2025-04-12 N/A
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4864 1 Netgear 1 Prosafe Firmware 2025-04-12 N/A
The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.
CVE-2014-6076 1 Ibm 2 Security Access Manager For Mobile, Security Access Manager For Web 2025-04-12 N/A
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.
CVE-2014-6098 1 Ibm 1 Security Identity Manager 2025-04-12 N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.
CVE-2014-6174 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.
CVE-2014-7823 1 Redhat 2 Enterprise Linux, Libvirt 2025-04-12 N/A
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
CVE-2014-7845 1 Moodle 1 Moodle 2025-04-12 N/A
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.
CVE-2014-8636 1 Mozilla 2 Firefox, Seamonkey 2025-04-12 N/A
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
CVE-2014-8656 1 Compal Broadband Networks 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware 2025-04-12 N/A
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
CVE-2014-8779 1 Pexip 1 Pexip Infinity 2025-04-12 N/A
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
CVE-2014-9687 1 Ecryptfs 1 Ecryptfs-utils 2025-04-12 N/A
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
CVE-2014-9736 1 Gehealthcare 1 Centricity Clinical Archive Audit Trail Repository 2025-04-12 N/A
GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.
CVE-2014-9793 1 Google 1 Android 2025-04-12 N/A
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
CVE-2015-0599 1 Cisco 1 Unified Computing System 2025-04-12 N/A
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138.