Total
756 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9687 | 1 Ecryptfs | 1 Ecryptfs-utils | 2016-12-06 | N/A |
| eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. | ||||
| CVE-2016-5890 | 1 Ibm | 1 Sterling B2b Integrator | 2016-12-03 | N/A |
| IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. | ||||
| CVE-2016-1356 | 1 Cisco | 1 Firesight System Software | 2016-12-03 | N/A |
| Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | ||||
| CVE-2015-7915 | 1 Sauter | 1 Moduweb Vision | 2016-12-03 | N/A |
| Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2015-2766 | 1 Websense | 1 Triton Ap Email | 2016-12-03 | N/A |
| The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | ||||
| CVE-2016-5838 | 1 Wordpress | 1 Wordpress | 2016-11-30 | N/A |
| WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. | ||||
| CVE-2015-7462 | 1 Ibm | 1 Websphere Mq | 2016-11-30 | N/A |
| IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcertck program. | ||||
| CVE-2015-1950 | 1 Ibm | 1 Powervc | 2016-11-30 | N/A |
| IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code. | ||||
| CVE-2016-3946 | 1 Sap | 1 Sapconsole | 2016-11-28 | N/A |
| SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461. | ||||
| CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-11-28 | N/A |
| The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | ||||
| CVE-2016-1394 | 1 Cisco | 1 Firesight System Software | 2016-11-28 | N/A |
| Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | ||||
| CVE-2015-7280 | 1 Readynet Solutions | 2 Wrt300n-dd, Wrt300n-dd Firmware | 2016-11-28 | N/A |
| The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | ||||
| CVE-2015-7277 | 1 Ampedwireless | 2 R10000, R10000 Firmware | 2016-11-28 | N/A |
| The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | ||||
| CVE-2008-3235 | 1 Ibm | 1 Websphere Application Server | 2016-11-10 | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | ||||
| CVE-2013-3471 | 1 Cisco | 1 Identity Services Engine Software | 2016-11-04 | N/A |
| The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. | ||||
| CVE-2012-4074 | 1 Cisco | 1 Unified Computing System | 2016-09-23 | N/A |
| The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. | ||||
| CVE-2012-4088 | 1 Cisco | 1 Unified Computing System | 2016-09-22 | N/A |
| The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. | ||||
| CVE-2014-0709 | 1 Cisco | 1 Ucs Director | 2016-09-08 | N/A |
| Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. | ||||
| CVE-2015-0529 | 1 Emc | 1 Powerpath Virtual Appliance | 2016-08-23 | N/A |
| EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | ||||
| CVE-2016-5670 | 1 Crestron | 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware | 2016-08-15 | N/A |
| Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. | ||||