Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2751 1 Sap 1 Print And Output Management 2025-04-12 N/A
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4011 1 Sap 1 Capacity Leveling 2025-04-12 N/A
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4012 1 Sap 1 Open Hub Service 2025-04-12 N/A
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-2264 1 Synology 1 Diskstation Manager 2025-04-12 N/A
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
CVE-2016-2871 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file.
CVE-2014-0184 1 Redhat 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine 2025-04-12 N/A
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
CVE-2013-4440 1 Pwgen Project 1 Pwgen 2025-04-12 N/A
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.
CVE-2009-5143 1 Gehealthcare 1 Discovery 530c Firmware 2025-04-12 N/A
GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2009-5149 1 Arris 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more 2025-04-12 N/A
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.
CVE-2015-6336 1 Cisco 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more 2025-04-12 N/A
Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062.
CVE-2015-6846 1 Emc 1 Sourceone Email Supervisor 2025-04-12 N/A
EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations.
CVE-2002-2446 1 Gehealthcare 3 Millennium Mg Firmware, Millennium Myosight Firmware, Millennium Nc Firmware 2025-04-12 N/A
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.
CVE-2011-5323 1 Gehealthcare 1 Centricity Pacs-iw 2025-04-12 N/A
GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2013-5755 1 Yealink 1 Sip-t38g 2025-04-12 N/A
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2012-3359 1 Redhat 3 Conga, Enterprise Linux, Rhel Cluster 2025-04-12 N/A
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
CVE-2013-4285 1 Dkorunic 1 Pam S\/key 2025-04-12 N/A
A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory.
CVE-2013-6223 1 Livezilla 1 Livezilla 2025-04-12 N/A
LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.
CVE-2013-6372 2 Jenkins-ci, Redhat 2 Subversion-plugin, Openshift 2025-04-12 N/A
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
CVE-2014-1849 1 Foscam 1 Ip Camera Firmware 2025-04-12 N/A
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.
CVE-2014-0105 2 Openstack, Redhat 3 Python-keystoneclient, Openstack, Storage 2025-04-12 N/A
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."