Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-255
Total 736 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7251 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2017-09-12 10.0 HIGH 9.8 CRITICAL
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2014-6099 1 Ibm 1 Sterling B2b Integrator 2017-09-07 5.0 MEDIUM N/A
The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach.
CVE-2014-9006 1 Monstra 1 Monstra 2017-09-07 5.0 MEDIUM N/A
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
CVE-2007-6756 1 Zoll 1 Monitor\/defibrillator 2017-09-07 4.9 MEDIUM N/A
ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).
CVE-2014-6098 1 Ibm 1 Security Identity Manager 2017-09-07 5.0 MEDIUM N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request.
CVE-2014-8034 1 Cisco 1 Webex Meetings Server 2017-09-07 5.0 MEDIUM N/A
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321.
CVE-2016-2972 1 Ibm 1 Sametime 2017-09-06 2.1 LOW 7.8 HIGH
IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855.
CVE-2016-0330 1 Ibm 1 Security Identity Manager Adapter 2017-08-31 5.0 MEDIUM 7.3 HIGH
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm.
CVE-2015-7258 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2017-08-30 9.0 HIGH 8.8 HIGH
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
CVE-2015-7259 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2017-08-29 9.0 HIGH 8.8 HIGH
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
CVE-2014-4811 1 Ibm 5 San Volume Controller Software, Storwize V3500, Storwize V3700 and 2 more 2017-08-28 7.5 HIGH N/A
IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.
CVE-2014-4822 1 Ibm 2 Websphere Mq, Websphere Mq Explorer 2017-08-28 1.9 LOW N/A
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.
CVE-2014-4450 1 Apple 1 Iphone Os 2017-08-28 1.9 LOW N/A
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.
CVE-2014-4775 1 Ibm 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management 2017-08-28 5.0 MEDIUM N/A
IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4788 1 Ibm 1 Initiate Master Data Service 2017-08-28 5.0 MEDIUM N/A
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2014-0675 1 Cisco 1 Telepresence Video Communication Server 2017-08-28 6.4 MEDIUM N/A
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.
CVE-2014-0842 1 Ibm 1 Rational Focal Point 2017-08-28 5.0 MEDIUM N/A
The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.
CVE-2014-3068 1 Ibm 1 Java 2017-08-28 6.4 MEDIUM N/A
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
CVE-2014-0329 1 Zte 1 Zxv10 W300 2017-08-28 9.3 HIGH N/A
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
CVE-2014-0755 1 Rockwellautomation 2 Logix 5000 Controller, Rslogix 5000 Design And Configuration Software 2017-08-28 6.9 MEDIUM N/A
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.