Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2562 | 1 Mambo-foundation | 1 Mambo Cms | 2025-04-12 | N/A |
| Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-0683 | 1 Cisco | 6 Cvr100w, Cvr100w Firmware, Rv110w and 3 more | 2025-04-12 | N/A |
| The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275. | ||||
| CVE-2012-6694 | 1 Gehealthcare | 2 Centricity Pacs Server, Centricity Pacs Workstation | 2025-04-12 | N/A |
| GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. | ||||
| CVE-2014-7823 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2025-04-12 | N/A |
| The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. | ||||
| CVE-2007-6756 | 1 Zoll | 1 Monitor\/defibrillator | 2025-04-12 | N/A |
| ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). | ||||
| CVE-2007-6757 | 1 Gehealthcare | 1 Centricity Dms Firmware | 2025-04-12 | N/A |
| GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2014-8527 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
| McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password." | ||||
| CVE-2015-6336 | 1 Cisco | 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more | 2025-04-12 | N/A |
| Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. | ||||
| CVE-2016-5838 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | ||||
| CVE-2014-4010 | 1 Sap | 1 Transaction Data Pool | 2025-04-12 | N/A |
| SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-12 | 6.7 Medium |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | ||||
| CVE-2014-0184 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. | ||||
| CVE-2010-5318 | 1 Basic-cms | 1 Sweetrice | 2025-04-12 | N/A |
| The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter. | ||||
| CVE-2010-5306 | 1 Gehealthcare | 3 Optima Ct520 Firmware, Optima Ct540 Firmware, Optima Ct680 Firmware | 2025-04-12 | N/A |
| GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. | ||||
| CVE-2014-0085 | 1 Redhat | 3 Jboss A-mq, Jboss Amq, Jboss Fuse | 2025-04-12 | N/A |
| JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log. | ||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | ||||
| CVE-2016-2311 | 1 Blackbox | 22 Alertwerks Servsensor Eme106a, Alertwerks Servsensor Eme108a-r2, Alertwerks Servsensor Eme109a-r2 and 19 more | 2025-04-12 | N/A |
| Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors. | ||||
| CVE-2015-3252 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
| Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | ||||
| CVE-2010-5310 | 1 Gehealthcare | 1 Revolution Xq\/i | 2025-04-12 | N/A |
| The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2014-0246 | 1 Sosreport Project | 1 Sosreport | 2025-04-12 | N/A |
| SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive. | ||||