Search Results (2339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3710 1 Riorey 1 Rios 2026-04-23 N/A
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.
CVE-2009-0919 1 Apachefriends 1 Xampp 2026-04-23 N/A
XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
CVE-2008-6971 1 Simplemachines 1 Smf 2026-04-23 N/A
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.
CVE-2006-6503 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2026-04-23 N/A
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.
CVE-2006-6239 1 Mailenable 2 Netwebadmin Enterprise, Netwebadmin Professional 2026-04-23 N/A
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.
CVE-2009-2087 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.
CVE-2008-0604 1 Xlight Ftp Server 1 Xlight Ftp Server 2026-04-23 N/A
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.
CVE-2008-0535 2 Cisco, Icon-labs 2 Service Control Engine, Iconfidant Ssh 2026-04-23 N/A
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239.
CVE-2008-0440 1 Alstrasoft 1 Forum Pay Per Post Exchange 2026-04-23 N/A
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
CVE-2007-6661 1 2z Project 1 2z Project 2026-04-23 N/A
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
CVE-2008-6577 1 Nortel 1 Cs1000 2026-04-23 N/A
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
CVE-2008-6524 1 Cale Dunlap 1 Openinvoice 2026-04-23 N/A
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
CVE-2008-0029 1 Cisco 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more 2026-04-23 N/A
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
CVE-2007-5905 1 Adobe 1 Coldfusion 2026-04-23 N/A
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
CVE-2008-5847 1 Constructr 1 Constructr-cms 2026-04-23 N/A
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
CVE-2007-4598 1 Ibm 1 Surepos 500 2026-04-23 N/A
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
CVE-2008-6191 1 Intrinsic 1 Swimage Encore 2026-04-23 N/A
Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2007-5988 1 Bti-tracker 1 Bti-tracker 2026-04-23 N/A
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
CVE-2008-2291 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials.
CVE-2008-6588 1 Aztech 1 Adsl2\/2\+4-port Router 2026-04-23 N/A
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.