CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | Yealink VoIP Phone SIP-T38G Default Credentials | 18.07.2014 | RingZer0 Team |
| High | Ammyy Admin 3.2 Access Bypass | 21.01.2014 | Bhadresh Patel |
| Low | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | 16.02.2011 | VMware Security team |
| High | Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities | 10.02.2011 | Trustwave's SpiderLabs |
| High | Tandberg E, EX and C Series Endpoints Default Credentials for Root Account | 05.02.2011 | Cisco Security |
| High | RoomWizard Default Password and Sync Connector Credential Leak | 15.01.2011 | Sean Lam |
| High | SAP BusinessObjects Axis2 Default Admin Password | 18.10.2010 | HD Moore (HD_Moore rap... |
| Low | Synology Disk Station Web commands injection | 02.10.2010 | Rodrigo Branco |
| High | AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities | 22.07.2010 | MaXe |
| High | Linksys WAP54Gv3 Remote Debug Root Shell | 13.06.2010 | Cristofaro Mune |
| Low | Chrome Password Manager Cross Origin Weakness | 20.02.2010 | Timothy D. Morgan |
| High | evalSMSI 2.1.03 Multiple Input Validation Vulnerabilities | 14.02.2010 | Peter Van Eeckhoutte |
| High | HP Operations Agent 8.53 (solaris 10) Remote Unauthorized Access | 11.02.2010 | HP |
| High | GNU libc glibc: NIS shadow password | 18.01.2010 | Christoph Pleger |
| High | Exposing HMS HICP Protocol + Intellicom Remote Buffer Overflow | 31.12.2009 | Reversemode |
| High | news script HB-NS v1.3 Remote Admin Vulnerability | 15.12.2009 | kurdish hackers team |
| High | Radio istek scripti 2.5 remote configuration disclosure | 27.11.2009 | kurdish hackers team |
| High | Riorey "RIOS" Hardcoded Password Vulnerability | 19.10.2009 | Marek Kroemeke |
| High | Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32) | 15.08.2009 | Raz0r |
| Med. | X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability | 14.08.2009 | THUNDER |
| Med. | WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability | 11.08.2009 | Laurent Gaffié |
| Med. | Gizmo SSL Certificate Vulnerability | 11.07.2009 | Gabriel Menezes Nunes |
| High | Multiple Flaws in Axesstel MV 410R | 03.07.2009 | Filip Palian |
| High | Multiple Flaws in Huawei D100 | 01.07.2009 | Filip Palian |
| Med. | Blogator-script 0.95 Change User Password Vulnerbility | 18.03.2009 | hadihadi zedehal |
| Med. | PHPRunner SQL Injection | 18.03.2009 | AmnPardaz |
| Low | Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities | 07.01.2009 | nukeit |
| Med. | Philips VOIP841 Multiple Vulnerabilities | 03.11.2008 | luca carettoni securen... |
| Low | Windows Mobile 6 insecure password handling and too short WLAN-password | 09.10.2008 | MC Iglo |
| High | Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration | 28.09.2008 | Teh Kotak |
| Med. | Thickbox Gallery v2 (admins.php) Admin Data Disclosure Vulnerability | 30.08.2008 | SirGod |
| Med. | Crafty Syntax Live Help <= 2.14.6 SQL Injection | 26.08.2008 | GulfTech |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2015-02-03 | Medium | CVE-2015-1455 | Vendor: Fortinet; Software: Fortiauthent... | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 2015-02-03 | High | CVE-2015-0930 | Vendor: Servision; Software: Hvg video ga... | The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. |
| 2015-01-27 | High | CVE-2014-9198 | Vendor: Schneider-electric; Software: Tsxetg3000 | The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. |
| 2015-01-16 | High | CVE-2014-3692 | Vendor: Redhat; Software: Cloudforms 3... | The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges. |
| 2015-01-16 | Medium | CVE-2014-9195 | Vendor: Pheonixcontact-software; Software: Multiprog | Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. |
| 2015-01-03 | Low | CVE-2010-5318 | Vendor: Basic-cms; Software: Sweetrice | The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter. |
| 2014-12-18 | High | CVE-2014-9406 | Vendor: Arris; Software: Touchstone t... | ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. |
| 2014-12-09 | High | CVE-2014-8496 | Vendor: Digicom; Software: Dg-5514t ads... | Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack. |
| 2014-12-02 | High | CVE-2014-9183 | Vendor: ZTE; Software: Zxdsl | ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. |
| 2014-12-01 | Medium | CVE-2014-9152 | Vendor: Services project; Software: Services | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. |

 

 


Copyright 2017, cxsecurity.com