ReportizFlow
Filtered by vendor
Subscriptions
Total
780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0709 | 1 Cisco | 1 Ucs Director | 2025-04-11 | N/A |
| Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. | ||||
| CVE-2010-0557 | 1 Ibm | 1 Cognos Express | 2025-04-11 | N/A |
| IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. | ||||
| CVE-2012-4362 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2025-04-11 | N/A |
| hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. | ||||
| CVE-2012-4610 | 1 Emc | 1 Avamar | 2025-04-11 | N/A |
| EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. | ||||
| CVE-2012-4856 | 1 Ibm | 2 Power 5, Power 5 System Firmware | 2025-04-11 | N/A |
| The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-5450 | 1 Ibm | 1 Security Appscan | 2025-04-11 | N/A |
| IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token. | ||||
| CVE-2013-6687 | 1 Cisco | 1 Webex Meetings Server | 2025-04-11 | N/A |
| The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. | ||||
| CVE-2010-5092 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | N/A |
| The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database. | ||||
| CVE-2012-2742 | 1 Mikel Olasagasti | 1 Revelation | 2025-04-11 | N/A |
| Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. | ||||
| CVE-2013-4967 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes. | ||||
| CVE-2012-4933 | 1 Novell | 1 Zenworks Asset Management | 2025-04-11 | N/A |
| The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | ||||
| CVE-2010-3897 | 1 Ibm | 1 Omnifind | 2025-04-11 | N/A |
| ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file. | ||||
| CVE-2013-2579 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2025-04-11 | N/A |
| TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session. | ||||
| CVE-2013-7004 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | N/A |
| D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. | ||||
| CVE-2012-2664 | 1 Redhat | 2 Enterprise Linux, Sos | 2025-04-11 | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | ||||
| CVE-2013-3471 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
| The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. | ||||
| CVE-2013-3497 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2025-04-11 | N/A |
| Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | ||||
| CVE-2012-2630 | 1 Bandainamcogames | 1 Madomagi-ip Android | 2025-04-11 | N/A |
| The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2010-2083 | 1 Microsoft | 1 Dynamics Gp | 2025-04-11 | N/A |
| Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2013-5535 | 1 Cisco | 3 Video Surveillance 4000 Ip Camera, Video Surveillance 4300e Ip Camera, Video Surveillance 4500e Ip Camera | 2025-04-11 | N/A |
| The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. | ||||