Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0947 1 Rsa 1 Authentication Manager 2025-04-11 N/A
EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.
CVE-2013-1170 1 Cisco 2 Prime Network Control System, Prime Network Control System Software 2025-04-11 N/A
The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default password for the database user account, which makes it easier for remote attackers to change the configuration or cause a denial of service (service disruption) via unspecified vectors, aka Bug ID CSCtz30468.
CVE-2011-0885 1 Smc Networks 2 Smcd3g-ccr, Smcd3g-ccr Firmware 2025-04-11 N/A
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
CVE-2013-2297 1 Eucalyptus 1 Eustore 2025-04-11 N/A
Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069.
CVE-2013-2342 1 Hp 1 Storeonce D2d 2025-04-11 N/A
The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete data via an SSH session.
CVE-2013-2352 3 Dell, Hp, Ibm 20 Poweredge 2950, Dl320s, Lefthand Nsm2060 and 17 more 2025-04-11 N/A
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
CVE-2013-2762 1 Schneider-electric 1 Magelis Xbt Hmi 2025-04-11 N/A
The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data.
CVE-2013-2819 1 Sierrawireless 19 Airlink Mp At\&t, Airlink Mp At\&t Wifi, Airlink Mp Bell and 16 more 2025-04-11 N/A
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
CVE-2011-0756 1 Trustwave 1 Webdefend 2025-04-11 N/A
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.
CVE-2013-2959 1 Ibm 1 Infosphere Optim Data Growth For Oracle E-business Suite 2025-04-11 N/A
The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-3409 1 Cisco 1 Prime Central For Hosted Collaboration Solution 2025-04-11 N/A
The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230.
CVE-2013-3454 1 Cisco 11 Telepresence System 1300, Telepresence System 1300-65, Telepresence System 3000 and 8 more 2025-04-11 N/A
Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128.
CVE-2013-3455 1 Cisco 1 Finesse 2025-04-11 N/A
Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732.
CVE-2013-3471 1 Cisco 1 Identity Services Engine Software 2025-04-11 N/A
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
CVE-2023-45592 1 Ailux 1 Imx6 2025-04-10 6.8 Medium
A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2022-41290 1 Ibm 2 Aix, Vios 2025-04-10 8.4 High
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.
CVE-2024-31810 1 Totolink 2 Ex200, Ex200 Firmware 2025-04-09 9.8 Critical
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2024-34211 1 Totolink 2 Cp450, Cp450 Firmware 2025-04-09 8.8 High
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2022-47024 2 Redhat, Vim 2 Enterprise Linux, Vim 2025-04-03 7.8 High
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
CVE-2024-35395 1 Totolink 3 Cp900 L, Cp900l, Cp900l Firmware 2025-04-03 8.8 High
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.