Total
1328 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2024-11-21 | 9.8 Critical |
ZPanel 10.0.1 has insufficient entropy for its password reset process. | ||||
CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-11-21 | N/A |
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | ||||
CVE-2012-4381 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.1 High |
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | ||||
CVE-2012-3503 | 4 Cloudforms Systemengine, Redhat, Rhel Sam and 1 more | 4 1, Enterprise Linux Server, 1.1 and 1 more | 2024-11-21 | 9.8 Critical |
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token. | ||||
CVE-2012-2166 | 1 Ibm | 8 Xiv Storage System 2810-114, Xiv Storage System 2810-114 Firmware, Xiv Storage System 2810-a14 and 5 more | 2024-11-21 | N/A |
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041. | ||||
CVE-2010-2772 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-11-21 | 7.8 High |
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | ||||
CVE-2010-2073 | 1 Debian | 1 Pyftpd | 2024-11-21 | 7.5 High |
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server. | ||||
CVE-2010-1573 | 1 Linksys | 2 Wap54g, Wap54g Firmware | 2024-11-21 | 9.8 Critical |
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi. | ||||
CVE-2009-5154 | 1 Mobotix | 2 S14, S14 Firmware | 2024-11-21 | N/A |
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account. | ||||
CVE-2008-2369 | 1 Redhat | 2 Network Satellite, Satellite | 2024-11-21 | 9.1 Critical |
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | ||||
CVE-2008-1160 | 1 Zyxel | 2 Zywall 1050, Zywall 1050 Firmware | 2024-11-21 | 9.8 Critical |
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges. | ||||
CVE-2008-0961 | 1 Emc | 1 Diskxtender | 2024-11-21 | 9.8 Critical |
EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | ||||
CVE-2007-1063 | 1 Cisco | 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more | 2024-11-21 | N/A |
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | ||||
CVE-2006-7142 | 1 Utimaco | 1 Safeguard | 2024-11-21 | 7.8 High |
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | ||||
CVE-2006-7074 | 1 Smartsitecms | 1 Smartsitecms | 2024-11-21 | N/A |
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. | ||||
CVE-2005-3803 | 1 Cisco | 2 Unified Wireless Ip Phone 7920, Unified Wireless Ip Phone 7920 Firmware | 2024-11-21 | 7.5 High |
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | ||||
CVE-2005-3716 | 1 Utstarcom | 2 F1000 Wi-fi, F1000 Wi-fi Firmware | 2024-11-21 | 7.5 High |
The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | ||||
CVE-2005-0496 | 1 Arkeia | 1 Network Backup | 2024-11-20 | 9.8 Critical |
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | ||||
CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2024-11-20 | N/A |
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | ||||
CVE-2024-7295 | 1 Progress | 1 Telerik Report Server | 2024-11-18 | 7.1 High |
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. |