Total: 755 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-4303 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2024-09-16 | N/A |
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043.
CVE-2014-2264 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | N/A |
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
CVE-2001-1594 | 1 Gehealthcare | 1 Entegra P&r | 2024-08-08 | N/A |
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2002-2446 | 1 Gehealthcare | 3 Millennium Mg Firmware, Millennium Myosight Firmware, Millennium Nc Firmware | 2024-08-08 | N/A |
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.
CVE-2002-2301 | 1 Lawson Software | 1 Lawson Financials | 2024-08-08 | N/A |
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.
CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2024-08-08 | N/A |
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
CVE-2003-1588 | 1 Sun | 1 Cluster | 2024-08-08 | N/A |
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
CVE-2003-1605 | 1 Haxx | 1 Curl | 2024-08-08 | N/A |
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.
CVE-2003-1603 | 1 Gehealthcare | 1 Discovery Vh | 2024-08-08 | N/A |
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.
CVE-2003-1483 | 1 Flashfxp | 1 Flashfxp | 2024-08-08 | N/A |
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
CVE-2003-1394 | 1 Coffeecup Software | 1 Coffeecup Password Wizard | 2024-08-08 | N/A |
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
CVE-2003-1424 | 1 Petitforum | 1 Petitforum | 2024-08-08 | N/A |
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
CVE-2003-1439 | 1 Silc | 1 Secure Internet Live Conferencing | 2024-08-08 | N/A |
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
CVE-2003-1401 | 1 Php Board | 1 Php Board | 2024-08-08 | N/A |
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2003-1417 | 1 Ncipher | 1 Support Software | 2024-08-08 | N/A |
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
CVE-2003-1376 | 1 Winzip | 1 Winzip | 2024-08-08 | N/A |
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
CVE-2004-2722 | 1 Nessus | 1 Nessus | 2024-08-08 | N/A |
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue.
CVE-2004-2777 | 1 Gehealthcare | 1 Centricity Image Vault Firmware | 2024-08-08 | N/A |
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2024-08-08 | N/A |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2024-08-08 | N/A |
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.