Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4362 1 Hp 2 San\/iq, Virtual San Appliance 2025-04-11 N/A
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
CVE-2012-6088 1 Rpm 1 Rpm 2025-04-11 6.2 Medium
The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.
CVE-2012-6115 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.
CVE-2012-6137 1 Redhat 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more 2025-04-11 N/A
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
CVE-2014-1408 1 Conceptronic 2 C54apm, C54apm Firmware 2025-04-11 N/A
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.
CVE-2014-0329 1 Zte 1 Zxv10 W300 2025-04-11 N/A
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
CVE-2014-0647 2 Apple, Starbucks 2 Iphone Os, Starbucks 2025-04-11 N/A
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.
CVE-2014-0675 1 Cisco 1 Telepresence Video Communication Server 2025-04-11 N/A
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.
CVE-2010-0113 2 Google, Symantec 2 Android, Mobile Security 2025-04-11 N/A
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.
CVE-2009-5066 1 Redhat 5 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more 2025-04-11 N/A
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
CVE-2014-0709 1 Cisco 1 Ucs Director 2025-04-11 N/A
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.
CVE-2010-3122 1 Devonit 1 Thin-client Management Tool 2025-04-11 N/A
The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network.
CVE-2014-0842 1 Ibm 1 Rational Focal Point 2025-04-11 N/A
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
CVE-2009-5021 1 Michael Dehaan 1 Cobbler 2025-04-11 N/A
Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.
CVE-2010-2083 1 Microsoft 1 Dynamics Gp 2025-04-11 N/A
Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2014-1948 2 Openstack, Redhat 2 Image Registry And Delivery Service \(glance\), Openstack 2025-04-11 N/A
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
CVE-2010-0556 1 Google 1 Chrome 2025-04-11 N/A
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.
CVE-2010-0510 1 Apple 1 Mac Os X Server 2025-04-11 N/A
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
CVE-2010-0444 2 Hp, Sun 2 Operations Agent, Solaris 2025-04-11 N/A
HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-2082 1 Cisco 1 Scientific Atlanta Webstar Dpc2100r2 2025-04-11 N/A
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access.