Export limit exceeded: 343957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (779 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4425 | 1 Osirix-viewer | 2 Osirix, Osirix Md | 2025-04-11 | N/A |
| The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key. | ||||
| CVE-2013-7305 | 1 E107 | 1 E107 | 2025-04-11 | N/A |
| fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user. | ||||
| CVE-2013-5193 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | ||||
| CVE-2013-5400 | 1 Ibm | 1 Platform Symphony | 2025-04-11 | N/A |
| An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors. | ||||
| CVE-2013-5430 | 1 Ibm | 1 Security Appscan | 2025-04-11 | N/A |
| The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details. | ||||
| CVE-2014-0647 | 2 Apple, Starbucks | 2 Iphone Os, Starbucks | 2025-04-11 | N/A |
| The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. | ||||
| CVE-2011-0354 | 1 Cisco | 3 Tandberg Endpoint, Tandberg Personal Video Unit, Tandberg Personal Video Unit Software | 2025-04-11 | N/A |
| The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method. | ||||
| CVE-2011-0412 | 1 Sun | 1 Sunos | 2025-04-11 | N/A |
| Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | ||||
| CVE-2013-5635 | 1 Checkpoint | 1 Endpoint Security | 2025-04-11 | N/A |
| Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously. | ||||
| CVE-2009-4945 | 1 Atutor | 1 Acollab | 2025-04-11 | N/A |
| AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. | ||||
| CVE-2009-5021 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | N/A |
| Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password. | ||||
| CVE-2009-5066 | 1 Redhat | 5 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more | 2025-04-11 | N/A |
| twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. | ||||
| CVE-2010-1135 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | N/A |
| The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. | ||||
| CVE-2010-2083 | 1 Microsoft | 1 Dynamics Gp | 2025-04-11 | N/A |
| Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2010-2082 | 1 Cisco | 1 Scientific Atlanta Webstar Dpc2100r2 | 2025-04-11 | N/A |
| The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access. | ||||
| CVE-2010-2387 | 1 Gnome | 1 Gnome Display Manager | 2025-04-11 | N/A |
| vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. | ||||
| CVE-2010-3038 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2025-04-11 | N/A |
| Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008. | ||||
| CVE-2010-3122 | 1 Devonit | 1 Thin-client Management Tool | 2025-04-11 | N/A |
| The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network. | ||||
| CVE-2010-3684 | 1 Synology | 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more | 2025-04-11 | N/A |
| The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. | ||||
| CVE-2010-4303 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2025-04-11 | N/A |
| Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043. | ||||