Total
756 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2082 | 1 Bestpractical | 1 Rt | 2024-08-06 | N/A |
| The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009. | ||||
| CVE-2011-2024 | 1 Cisco | 1 Cns Network Registrar | 2024-08-06 | N/A |
| Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | ||||
| CVE-2011-1835 | 2 Ecryptfs, Redhat | 3 Ecryptfs-utils, Ecryptfs Utils, Enterprise Linux | 2024-08-06 | N/A |
| The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. | ||||
| CVE-2011-1773 | 2 Matthew Booth, Redhat | 2 Virt-v2v, Enterprise Linux | 2024-08-06 | N/A |
| virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password. | ||||
| CVE-2011-1742 | 1 Emc | 1 Data Protection Advisor | 2024-08-06 | N/A |
| EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. | ||||
| CVE-2011-1690 | 1 Bestpractical | 1 Rt | 2024-08-06 | N/A |
| Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors. | ||||
| CVE-2011-1623 | 1 Cisco | 2 Media Experience Engine 5600, Media Processing Software | 2024-08-06 | N/A |
| Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737. | ||||
| CVE-2011-1560 | 1 Ibm | 1 Soliddb | 2024-08-06 | N/A |
| solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value. | ||||
| CVE-2011-1035 | 1 Pivotx | 1 Pivotx | 2024-08-06 | N/A |
| The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors. | ||||
| CVE-2011-1007 | 1 Bestpractical | 1 Rt | 2024-08-06 | N/A |
| Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout. | ||||
| CVE-2011-0951 | 1 Cisco | 1 Secure Access Control System | 2024-08-06 | N/A |
| The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. | ||||
| CVE-2011-0885 | 1 Smc Networks | 2 Smcd3g-ccr, Smcd3g-ccr Firmware | 2024-08-06 | N/A |
| A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface. | ||||
| CVE-2011-0412 | 1 Sun | 1 Sunos | 2024-08-06 | N/A |
| Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | ||||
| CVE-2011-0423 | 1 Polyvision | 2 Roomwizard, Roomwizard Firmware | 2024-08-06 | N/A |
| The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | ||||
| CVE-2011-0354 | 1 Cisco | 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software | 2024-08-06 | N/A |
| The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. | ||||
| CVE-2012-6693 | 1 Gehealthcare | 1 Centricity Pacs Server | 2024-08-06 | N/A |
| GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. | ||||
| CVE-2012-6695 | 1 Gehealthcare | 1 Centricity Pacs Workstation | 2024-08-06 | N/A |
| GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2012-6694 | 1 Gehealthcare | 2 Centricity Pacs Server, Centricity Pacs Workstation | 2024-08-06 | N/A |
| GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. | ||||
| CVE-2012-6660 | 1 Gehealthcare | 1 Precision Mpi | 2024-08-06 | N/A |
| GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
| CVE-2012-6596 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-06 | N/A |
| Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493. | ||||