Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2025-04-12 | N/A |
| SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2016-2203 | 1 Symantec | 1 Messaging Gateway | 2025-04-12 | N/A |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | ||||
| CVE-2014-0683 | 1 Cisco | 6 Cvr100w, Cvr100w Firmware, Rv110w and 3 more | 2025-04-12 | N/A |
| The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275. | ||||
| CVE-2014-3692 | 1 Redhat | 2 Cloudforms 3.1 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges. | ||||
| CVE-2015-7911 | 1 Saia Burgess Controls | 28 Pcd1.m0xx0, Pcd1.m0xx0 Firmware, Pcd1.m2xx0 and 25 more | 2025-04-12 | N/A |
| Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. | ||||
| CVE-2010-5309 | 1 Gehealthcare | 1 Cadstream Server Firmware | 2025-04-12 | N/A |
| GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. | ||||
| CVE-2014-4012 | 1 Sap | 1 Open Hub Service | 2025-04-12 | N/A |
| SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-4009 | 1 Sap | 1 Computing Center Management System Monitoring | 2025-04-12 | N/A |
| SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-2874 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2025-04-12 | N/A |
| Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | ||||
| CVE-2014-3298 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | N/A |
| Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. | ||||
| CVE-2013-7442 | 1 Gehealthcare | 1 Centricity Pacs Workstation | 2025-04-12 | N/A |
| GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. | ||||
| CVE-2014-3220 | 1 F5 | 1 Big-iq | 2025-04-12 | N/A |
| F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. | ||||
| CVE-2014-3419 | 1 Infoblox | 1 Netmri | 2025-04-12 | N/A |
| Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | ||||
| CVE-2013-7405 | 1 Gehealthcare | 1 Centricity Dms | 2025-04-12 | N/A |
| The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2013-7395 | 1 Zoll | 1 Monitor\/defibrillator | 2025-04-12 | N/A |
| ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). | ||||
| CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2025-04-12 | N/A |
| SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-2870 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2010-5310 | 1 Gehealthcare | 1 Revolution Xq\/i | 2025-04-12 | N/A |
| The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2016-1307 | 2 Zyxel, Zzinc | 2 Gs1900-10hp Firmware, Keymouse Firmware | 2025-04-12 | N/A |
| The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | ||||
| CVE-2014-2212 | 1 Posh Project | 1 Posh | 2025-04-12 | N/A |
| The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie. | ||||