Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9248 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.
CVE-2015-0972 1 Pearson 1 Proctorcache 2025-04-12 N/A
Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password.
CVE-2015-8362 1 Harman 1 Amx Firmware 2025-04-12 N/A
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.
CVE-2014-0347 1 Websense 5 Triton Unified Security Center, Triton Web Filter, Triton Web Security and 2 more 2025-04-12 N/A
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
CVE-2016-2282 1 Moxa 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more 2025-04-12 N/A
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.
CVE-2016-9479 1 B2evolution 1 B2evolution 2025-04-12 N/A
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.
CVE-2015-2766 1 Websense 1 Triton Ap Email 2025-04-12 N/A
The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack.
CVE-2015-2012 1 Ibm 1 Websphere Mq 2025-04-12 N/A
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
CVE-2013-1430 2 Debian, Neutrinolabs 2 Debian Linux, Xrdp 2025-04-12 N/A
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
CVE-2014-2969 1 Netgear 2 Gs108pe, Gs108pe Firmware 2025-04-12 N/A
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
CVE-2014-0246 1 Sosreport Project 1 Sosreport 2025-04-12 N/A
SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.
CVE-2016-0330 1 Ibm 1 Security Identity Manager Adapter 2025-04-12 N/A
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm.
CVE-2016-1984 1 Harman 1 Amx Firmware 2025-04-12 N/A
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.
CVE-2015-6524 2 Apache, Fedoraproject 2 Activemq, Fedora 2025-04-12 N/A
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
CVE-2015-7921 1 Schneider-electric 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more 2025-04-12 9.1 Critical
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.
CVE-2015-2864 1 Retrospect 2 Retrospect, Retrospect Client 2025-04-12 N/A
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.
CVE-2015-3001 1 Sysaid 1 Sysaid 2025-04-12 N/A
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
CVE-2016-2871 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file.
CVE-2015-8945 1 Openshift 1 Origin 2025-04-12 N/A
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
CVE-2014-3068 2 Ibm, Redhat 3 Java, Network Satellite, Rhel Extras 2025-04-12 N/A
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.