Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3278 | 1 Emc | 4 Geosynchrony, Vplex Geo, Vplex Local and 1 more | 2025-04-11 | 4.9 MEDIUM | N/A |
| EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file. | |||||
| CVE-2013-0678 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 4.0 MEDIUM | N/A |
| Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query. | |||||
| CVE-2011-0354 | 1 Cisco | 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software | 2025-04-11 | 10.0 HIGH | N/A |
| The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. | |||||
| CVE-2013-2352 | 3 Dell, Hp, Ibm | 20 Poweredge 2950, Dl320s, Lefthand Nsm2060 and 17 more | 2025-04-11 | 9.4 HIGH | N/A |
| LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password. | |||||
| CVE-2011-3429 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
| The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. | |||||
| CVE-2013-4622 | 1 Htc | 1 Droid Incredible | 2025-04-11 | 7.5 HIGH | N/A |
| The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | |||||
| CVE-2012-1493 | 1 F5 | 25 Big-ip 1000, Big-ip 11000, Big-ip 11050 and 22 more | 2025-04-11 | 7.8 HIGH | N/A |
| F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | |||||
| CVE-2011-4851 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2025-04-11 | 9.3 HIGH | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files. | |||||
| CVE-2012-3013 | 1 Wago | 1 Wago I\/o System 758 Industrial Pc Device | 2025-04-11 | 10.0 HIGH | N/A |
| WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. | |||||
| CVE-2013-7248 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2025-04-11 | 10.0 HIGH | N/A |
| Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. | |||||
| CVE-2010-0444 | 2 Hp, Sun | 2 Operations Agent, Solaris | 2025-04-11 | 10.0 HIGH | N/A |
| HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-4770 | 1 Jasper | 1 Httpdx | 2025-04-11 | 7.5 HIGH | N/A |
| The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | |||||
| CVE-2010-0557 | 1 Ibm | 1 Cognos Express | 2025-04-11 | 7.5 HIGH | N/A |
| IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. | |||||
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2025-04-11 | 7.1 HIGH | N/A |
| WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | |||||
| CVE-2013-5193 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.7 MEDIUM | N/A |
| The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | |||||
| CVE-2012-4362 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2025-04-11 | 4.0 MEDIUM | N/A |
| hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. | |||||
| CVE-2013-3455 | 1 Cisco | 1 Finesse | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732. | |||||
| CVE-2011-0756 | 1 Trustwave | 1 Webdefend | 2025-04-11 | 5.0 MEDIUM | N/A |
| The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port. | |||||
| CVE-2008-7311 | 1 Spreecommerce | 1 Spree | 2025-04-11 | 5.0 MEDIUM | N/A |
| The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file. | |||||
| CVE-2011-2024 | 1 Cisco | 1 Cns Network Registrar | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | |||||