Total
736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4440 | 1 Pwgen Project | 1 Pwgen | 2015-09-10 | 5.0 MEDIUM | N/A |
| Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |||||
| CVE-2015-6743 | 1 Basware | 1 Banking | 2015-08-31 | 6.5 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
| CVE-2015-6742 | 1 Basware | 1 Banking | 2015-08-31 | 6.5 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions. | |||||
| CVE-2006-7253 | 1 Gehealthcare | 1 Infinia Ii | 2015-08-11 | 10.0 HIGH | N/A |
| GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. | |||||
| CVE-2011-5323 | 1 Gehealthcare | 1 Centricity Pacs-iw | 2015-08-06 | 10.0 HIGH | N/A |
| GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2010-5308 | 1 Gehealthcare | 1 Optima Mr360 Firmware | 2015-08-05 | 10.0 HIGH | N/A |
| GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. | |||||
| CVE-2014-9736 | 1 Gehealthcare | 1 Centricity Clinical Archive Audit Trail Repository | 2015-08-04 | 10.0 HIGH | N/A |
| GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. | |||||
| CVE-2013-7405 | 1 Gehealthcare | 1 Centricity Dms | 2015-08-04 | 10.0 HIGH | N/A |
| The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2011-5324 | 1 Gehealthcare | 1 Centricity Pacs-iw | 2015-08-04 | 10.0 HIGH | N/A |
| The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2014-4875 | 1 Toshiba | 1 Chec | 2015-06-24 | 5.0 MEDIUM | N/A |
| CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. | |||||
| CVE-2015-0972 | 1 Pearson | 1 Proctorcache | 2015-06-24 | 5.0 MEDIUM | N/A |
| Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password. | |||||
| CVE-2015-0995 | 1 Inductiveautomation | 1 Ignition | 2015-04-03 | 5.0 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | |||||
| CVE-2015-1455 | 1 Fortinet | 1 Fortiauthenticator | 2015-02-19 | 7.5 HIGH | N/A |
| Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-0930 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2015-02-04 | 10.0 HIGH | N/A |
| The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. | |||||
| CVE-2009-5066 | 1 Redhat | 2 Jboss Community Application Server, Jboss Enterprise Application Platform | 2015-01-17 | 2.1 LOW | N/A |
| twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. | |||||
| CVE-2012-0034 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2015-01-17 | 2.1 LOW | N/A |
| The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. | |||||
| CVE-2010-5318 | 1 Basic-cms | 1 Sweetrice | 2015-01-05 | 4.3 MEDIUM | N/A |
| The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter. | |||||
| CVE-2014-9406 | 1 Arris | 2 Touchstone Tg862g\/ct, Touchstone Tg862g\/ct Firmware | 2014-12-18 | 10.0 HIGH | N/A |
| ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. | |||||
| CVE-2014-8496 | 1 Digicom | 2 Dg-5514t Adsl Router, Dg-5514t Adsl Router Firmware | 2014-12-10 | 10.0 HIGH | N/A |
| Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack. | |||||
| CVE-2014-9183 | 1 Zte | 1 Zxdsl | 2014-12-03 | 10.0 HIGH | N/A |
| ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | |||||