Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2352 3 Dell, Hp, Ibm 20 Poweredge 2950, Dl320s, Lefthand Nsm2060 and 17 more 2025-04-11 N/A
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
CVE-2013-2579 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2025-04-11 N/A
TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2013-3038 1 Ibm 1 Rational Requirements Composer 2025-04-11 N/A
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors.
CVE-2013-3455 1 Cisco 1 Finesse 2025-04-11 N/A
Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732.
CVE-2009-3035 1 Symantec 1 Altiris Notification Server 2025-04-11 N/A
The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials.
CVE-2009-4674 1 Mole-group 2 Bus Ticket Script, Sky Hunter Airline Ticket Sale Script 2025-04-11 N/A
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.
CVE-2009-4770 1 Jasper 1 Httpdx 2025-04-11 N/A
The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access.
CVE-2009-4781 1 Tukeva 1 Password Reminder 2025-04-11 N/A
TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.
CVE-2009-4945 1 Atutor 1 Acollab 2025-04-11 N/A
AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php.
CVE-2009-5021 1 Michael Dehaan 1 Cobbler 2025-04-11 N/A
Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.
CVE-2009-5066 1 Redhat 5 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more 2025-04-11 N/A
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
CVE-2010-0113 2 Google, Symantec 2 Android, Mobile Security 2025-04-11 N/A
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.
CVE-2010-0124 1 Timeclock-software 1 Employee Timeclock Software 2025-04-11 N/A
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
CVE-2010-0141 1 Cisco 1 Unified Meetingplace 2025-04-11 N/A
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.
CVE-2010-0219 2 Apache, Sap 2 Axis2, Businessobjects 2025-04-11 N/A
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
CVE-2010-0444 2 Hp, Sun 2 Operations Agent, Solaris 2025-04-11 N/A
HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-0510 1 Apple 1 Mac Os X Server 2025-04-11 N/A
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
CVE-2010-0556 1 Google 1 Chrome 2025-04-11 N/A
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.
CVE-2010-0557 1 Ibm 1 Cognos Express 2025-04-11 N/A
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
CVE-2010-0570 1 Cisco 1 Digital Media Manager 2025-04-11 N/A
Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378.