Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5504 1 Solarwinds 1 Log And Event Manager 2025-04-12 N/A
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
CVE-2014-6098 1 Ibm 1 Security Identity Manager 2025-04-12 N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.
CVE-2014-6099 1 Ibm 1 Sterling B2b Integrator 2025-04-12 N/A
The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.
CVE-2014-6607 1 Mmonit 1 M\/monit 2025-04-12 N/A
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
CVE-2014-7232 1 Gehealthcare 2 Discovery Xr656, Discovery Xr656 G2 2025-04-12 N/A
GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2014-7233 1 Gehealthcare 1 Precision Thunis-800\+ 2025-04-12 N/A
GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.
CVE-2014-7823 1 Redhat 2 Enterprise Linux, Libvirt 2025-04-12 N/A
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
CVE-2014-7845 1 Moodle 1 Moodle 2025-04-12 N/A
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.
CVE-2014-8034 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321.
CVE-2014-8496 1 Digicom 2 Dg-5514t Adsl Router, Dg-5514t Adsl Router Firmware 2025-04-12 N/A
Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack.
CVE-2014-8518 1 Mcafee 2 Endpoint Encryption For Files And Folders, File And Removable Media Protection 2025-04-12 N/A
The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack.
CVE-2014-8527 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password."
CVE-2014-8656 1 Compal Broadband Networks 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware 2025-04-12 N/A
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
CVE-2016-2871 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file.
CVE-2016-3946 1 Sap 1 Sapconsole 2025-04-12 N/A
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.
CVE-2016-4028 1 Open-xchange 1 Ox Guard 2025-04-12 N/A
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.
CVE-2016-4325 1 Lantronix 1 Xprintserver Firmware 2025-04-12 N/A
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors.
CVE-2016-4527 1 Abb 1 Pcm600 2025-04-12 N/A
ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-6531 1 Opendental 1 Opendental 2025-04-12 9.8 Critical
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.
CVE-2014-9248 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.