Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7856 | 1 Opennms | 1 Opennms | 2025-04-12 | N/A |
| OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | ||||
| CVE-2014-2198 | 1 Cisco | 2 Unified Cdm Platform Software, Unified Communications Domain Manager | 2025-04-12 | N/A |
| Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130. | ||||
| CVE-2014-3925 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Sos | 2025-04-12 | N/A |
| sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | ||||
| CVE-2016-1307 | 2 Zyxel, Zzinc | 2 Gs1900-10hp Firmware, Keymouse Firmware | 2025-04-12 | N/A |
| The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | ||||
| CVE-2014-3068 | 2 Ibm, Redhat | 3 Java, Network Satellite, Rhel Extras | 2025-04-12 | N/A |
| IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. | ||||
| CVE-2014-4775 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-2969 | 1 Netgear | 2 Gs108pe, Gs108pe Firmware | 2025-04-12 | N/A |
| NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi. | ||||
| CVE-2014-8527 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password." | ||||
| CVE-2015-3252 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
| Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | ||||
| CVE-2014-2751 | 1 Sap | 1 Print And Output Management | 2025-04-12 | N/A |
| SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-7251 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2025-04-12 | N/A |
| ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | ||||
| CVE-2015-7277 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2025-04-12 | N/A |
| The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | ||||
| CVE-2015-2864 | 1 Retrospect | 2 Retrospect, Retrospect Client | 2025-04-12 | N/A |
| Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision. | ||||
| CVE-2015-2874 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2025-04-12 | N/A |
| Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | ||||
| CVE-2015-3001 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | ||||
| CVE-2015-6316 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | N/A |
| The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | ||||
| CVE-2014-9406 | 1 Arris | 2 Touchstone Tg862g\/ct, Touchstone Tg862g\/ct Firmware | 2025-04-12 | N/A |
| ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. | ||||
| CVE-2015-3968 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2025-04-12 | N/A |
| The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. | ||||
| CVE-2013-5433 | 1 Ibm | 1 Infosphere Optim Data Growth Solution For Siebel Crm | 2025-04-12 | N/A |
| The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document. | ||||
| CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | N/A |
| The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | ||||