Total: 769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3548 | 1 Apache | 1 Tomcat | 2025-04-09 | 7.5 HIGH | N/A |
| The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. | |||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2025-04-09 | 4.6 MEDIUM | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | |||||
| CVE-2008-0724 | 1 The Everything Development Company | 1 The Everything Development Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts. | |||||
| CVE-2009-4463 | 1 Intellicom | 3 Netbiter Webscada Firmware, Netbiter Webscada Ws100, Netbiter Webscada Ws200 | 2025-04-09 | 10.0 HIGH | N/A |
| Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords. | |||||
| CVE-2009-0013 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. | |||||
| CVE-2008-1542 | 1 Airspan | 1 Base Station Distribution Unit | 2025-04-09 | 7.5 HIGH | N/A |
| Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262. | |||||
| CVE-2009-2084 | 1 Llnl | 1 Slurm | 2025-04-09 | 7.2 HIGH | N/A |
| Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges. | |||||
| CVE-2007-4526 | 2 Netiq, Novell | 2 Identity Manager, Client Login Extension (cle) | 2025-04-09 | 2.1 LOW | N/A |
| The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2009-1075 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2009-2435 | 1 Ibm | 1 Lotus Instant Messaging And Web Conferencing | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-6232 | 1 Preprojects | 1 Pre Shopping Mall | 2025-04-09 | 7.5 HIGH | N/A |
| Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
| CVE-2008-1184 | 1 Dnssec-tools | 1 Dnssec-tools | 2025-04-09 | 5.0 MEDIUM | N/A |
| The DNSSEC validation library (libval) in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | |||||
| CVE-2008-1394 | 1 Plone | 1 Plone Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network. | |||||
| CVE-2008-6577 | 1 Nortel | 1 Cs1000 | 2025-04-09 | 10.0 HIGH | N/A |
| Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2007-6260 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed. | |||||
| CVE-2008-5188 | 1 Ecryptfs | 1 Ecryptfs Utils | 2025-04-09 | 7.2 HIGH | N/A |
| The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2009-1465 | 1 Klinzmann | 1 Application Access Server | 2025-04-09 | 7.5 HIGH | N/A |
| Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2009-0656 | 1 Asus | 1 Smartlogon | 2025-04-09 | 6.9 MEDIUM | N/A |
| Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user. | |||||
| CVE-2008-6524 | 1 Cale Dunlap | 1 Openinvoice | 2025-04-09 | 6.5 MEDIUM | N/A |
| resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication. | |||||
| CVE-2008-6191 | 1 Intrinsic | 1 Swimage Encore | 2025-04-09 | 2.1 LOW | N/A |
| Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
