Total
1153 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6829 | 2 Barclamp-trove Project, Crowbar-openstack Project | 2 Barclamp-trove, Crowbar-openstack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2016-6532 | 1 Dexis | 1 Imaging Suite | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | |||||
CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | |||||
CVE-2016-6535 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. | |||||
CVE-2016-6530 | 1 Dentsply Sirona | 1 Cdr Dicom | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | |||||
CVE-2016-7560 | 1 Fortinet | 1 Fortiwlc | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL |
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||||
CVE-2016-5081 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. | |||||
CVE-2016-5678 | 1 Nuuo | 2 Nvrmini 2, Nvrsolo | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2023-12-10 | 5.0 MEDIUM | N/A |
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||||
CVE-2006-7074 | 1 Smartsitecms | 1 Smartsitecms | 2023-12-10 | 7.5 HIGH | N/A |
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. | |||||
CVE-2007-1063 | 1 Cisco | 12 Unified Ip Phone 7906g, Unified Ip Phone 7911g, Unified Ip Phone 7941g and 9 more | 2023-12-10 | 10.0 HIGH | N/A |
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | |||||
CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 7.5 HIGH | N/A |
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. |