Total
760 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0570 | 1 Cisco | 1 Digital Media Manager | 2025-04-11 | N/A |
| Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378. | ||||
| CVE-2010-0557 | 1 Ibm | 1 Cognos Express | 2025-04-11 | N/A |
| IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. | ||||
| CVE-2014-0675 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-04-11 | N/A |
| The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. | ||||
| CVE-2010-0556 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. | ||||
| CVE-2014-0842 | 1 Ibm | 1 Rational Focal Point | 2025-04-11 | N/A |
| The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code. | ||||
| CVE-2010-0510 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. | ||||
| CVE-2010-0444 | 2 Hp, Sun | 2 Operations Agent, Solaris | 2025-04-11 | N/A |
| HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2010-0219 | 2 Apache, Sap | 2 Axis2, Businessobjects | 2025-04-11 | N/A |
| Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | ||||
| CVE-2010-0124 | 1 Timeclock-software | 1 Employee Timeclock Software | 2025-04-11 | N/A |
| Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2014-1408 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2025-04-11 | N/A |
| The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. | ||||
| CVE-2010-0113 | 2 Google, Symantec | 2 Android, Mobile Security | 2025-04-11 | N/A |
| The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. | ||||
| CVE-2009-5066 | 1 Redhat | 5 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more | 2025-04-11 | N/A |
| twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. | ||||
| CVE-2014-1948 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-11 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. | ||||
| CVE-2009-5021 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | N/A |
| Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | ||||
| CVE-2009-4945 | 1 Atutor | 1 Acollab | 2025-04-11 | N/A |
| AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. | ||||
| CVE-2009-4781 | 1 Tukeva | 1 Password Reminder | 2025-04-11 | N/A |
| TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection. | ||||
| CVE-2009-4770 | 1 Jasper | 1 Httpdx | 2025-04-11 | N/A |
| The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access. | ||||
| CVE-2009-4674 | 1 Mole-group | 2 Bus Ticket Script, Sky Hunter Airline Ticket Sale Script | 2025-04-11 | N/A |
| admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field. | ||||
| CVE-2009-3035 | 1 Symantec | 1 Altiris Notification Server | 2025-04-11 | N/A |
| The web console in Symantec Altiris Notification Server 6.0.x before 6.0 SP3 R12 uses a hardcoded key that can decrypt SQL Server credentials and certain discovery credentials, and stores this key on the Notification Server machine, which allows local users to obtain sensitive information and possibly execute arbitrary code by decrypting and using these credentials. | ||||
| CVE-2008-7311 | 1 Spreecommerce | 1 Spree | 2025-04-11 | N/A |
| The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file. | ||||