Filtered by vendor
Subscriptions
Total
756 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3130 | 1 Blackberry | 1 Enterprise Service | 2024-11-21 | N/A |
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. | ||||
CVE-2016-2972 | 1 Ibm | 1 Sametime | 2024-11-21 | N/A |
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | ||||
CVE-2016-2936 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | N/A |
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. | ||||
CVE-2016-2871 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | N/A |
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. | ||||
CVE-2016-2331 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2024-11-21 | N/A |
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
CVE-2016-2311 | 1 Blackbox | 22 Alertwerks Servsensor Eme106a, Alertwerks Servsensor Eme108a-r2, Alertwerks Servsensor Eme109a-r2 and 19 more | 2024-11-21 | N/A |
Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors. | ||||
CVE-2016-2283 | 1 Moxa | 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more | 2024-11-21 | N/A |
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | ||||
CVE-2016-2282 | 1 Moxa | 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more | 2024-11-21 | N/A |
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | ||||
CVE-2016-2230 | 1 Openelec | 1 Openelec | 2024-11-21 | N/A |
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | ||||
CVE-2016-2203 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | N/A |
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | ||||
CVE-2016-1984 | 1 Harman | 1 Amx Firmware | 2024-11-21 | N/A |
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362. | ||||
CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | ||||
CVE-2016-1601 | 1 Suse | 4 Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit and 1 more | 2024-11-21 | N/A |
yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. | ||||
CVE-2016-1491 | 1 Lenovo | 1 Shareit | 2024-11-21 | N/A |
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | ||||
CVE-2016-1394 | 1 Cisco | 1 Firesight System Software | 2024-11-21 | N/A |
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | ||||
CVE-2016-1356 | 1 Cisco | 1 Firesight System Software | 2024-11-21 | N/A |
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | ||||
CVE-2016-1341 | 1 Cisco | 1 Nx-os | 2024-11-21 | N/A |
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. | ||||
CVE-2016-1307 | 2 Zyxel, Zzinc | 2 Gs1900-10hp Firmware, Keymouse Firmware | 2024-11-21 | N/A |
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | ||||
CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | ||||
CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). |