Total
736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7251 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2017-09-12 | 10.0 HIGH | 9.8 CRITICAL |
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2014-6099 | 1 Ibm | 1 Sterling B2b Integrator | 2017-09-07 | 5.0 MEDIUM | N/A |
The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. | |||||
CVE-2014-9006 | 1 Monstra | 1 Monstra | 2017-09-07 | 5.0 MEDIUM | N/A |
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. | |||||
CVE-2007-6756 | 1 Zoll | 1 Monitor\/defibrillator | 2017-09-07 | 4.9 MEDIUM | N/A |
ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). | |||||
CVE-2014-6098 | 1 Ibm | 1 Security Identity Manager | 2017-09-07 | 5.0 MEDIUM | N/A |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | |||||
CVE-2014-8034 | 1 Cisco | 1 Webex Meetings Server | 2017-09-07 | 5.0 MEDIUM | N/A |
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. | |||||
CVE-2016-2972 | 1 Ibm | 1 Sametime | 2017-09-06 | 2.1 LOW | 7.8 HIGH |
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | |||||
CVE-2016-0330 | 1 Ibm | 1 Security Identity Manager Adapter | 2017-08-31 | 5.0 MEDIUM | 7.3 HIGH |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm. | |||||
CVE-2015-7258 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2017-08-30 | 9.0 HIGH | 8.8 HIGH |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||||
CVE-2015-7259 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2017-08-29 | 9.0 HIGH | 8.8 HIGH |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | |||||
CVE-2014-4811 | 1 Ibm | 5 San Volume Controller Software, Storwize V3500, Storwize V3700 and 2 more | 2017-08-28 | 7.5 HIGH | N/A |
IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address. | |||||
CVE-2014-4822 | 1 Ibm | 2 Websphere Mq, Websphere Mq Explorer | 2017-08-28 | 1.9 LOW | N/A |
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation. | |||||
CVE-2014-4450 | 1 Apple | 1 Iphone Os | 2017-08-28 | 1.9 LOW | N/A |
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | |||||
CVE-2014-4775 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2017-08-28 | 5.0 MEDIUM | N/A |
IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-4788 | 1 Ibm | 1 Initiate Master Data Service | 2017-08-28 | 5.0 MEDIUM | N/A |
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
CVE-2014-0675 | 1 Cisco | 1 Telepresence Video Communication Server | 2017-08-28 | 6.4 MEDIUM | N/A |
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. | |||||
CVE-2014-0842 | 1 Ibm | 1 Rational Focal Point | 2017-08-28 | 5.0 MEDIUM | N/A |
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code. | |||||
CVE-2014-3068 | 1 Ibm | 1 Java | 2017-08-28 | 6.4 MEDIUM | N/A |
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. | |||||
CVE-2014-0329 | 1 Zte | 1 Zxv10 W300 | 2017-08-28 | 9.3 HIGH | N/A |
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password. | |||||
CVE-2014-0755 | 1 Rockwellautomation | 2 Logix 5000 Controller, Rslogix 5000 Design And Configuration Software | 2017-08-28 | 6.9 MEDIUM | N/A |
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors. |