Vulnerabilities (CVE)

Filtered by CWE-255
Total 729 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2212 1 Posh Project 1 Posh 2025-04-12 5.0 MEDIUM N/A
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
CVE-2004-2777 1 Gehealthcare 1 Centricity Image Vault Firmware 2025-04-12 10.0 HIGH N/A
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2010-5318 1 Basic-cms 1 Sweetrice 2025-04-12 4.3 MEDIUM N/A
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
CVE-2015-6424 1 Cisco 1 Application Policy Infrastructure Controller 2025-04-12 7.2 HIGH N/A
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.
CVE-2016-3749 1 Google 1 Android 2025-04-12 4.6 MEDIUM 8.4 HIGH
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
CVE-2014-0645 1 Emc 4 Cloud Tiering Appliance, Cloud Tiering Appliance Software, File Management Appliance and 1 more 2025-04-12 4.7 MEDIUM N/A
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.
CVE-2016-2331 1 Systech 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware 2025-04-12 10.0 HIGH 9.8 CRITICAL
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2007-6756 1 Zoll 1 Monitor\/defibrillator 2025-04-12 4.9 MEDIUM N/A
ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).
CVE-2015-0529 1 Emc 1 Powerpath Virtual Appliance 2025-04-12 5.0 MEDIUM N/A
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.
CVE-2016-2230 1 Openelec 1 Openelec 2025-04-12 10.0 HIGH 9.8 CRITICAL
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.
CVE-2013-7442 1 Gehealthcare 1 Centricity Pacs Workstation 2025-04-12 10.0 HIGH N/A
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
CVE-2016-1491 1 Lenovo 1 Shareit 2025-04-12 5.4 MEDIUM 8.8 HIGH
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2014-8518 1 Mcafee 2 Endpoint Encryption For Files And Folders, File And Removable Media Protection 2025-04-12 2.1 LOW N/A
The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack.
CVE-2013-5755 1 Yealink 1 Sip-t38g 2025-04-12 10.0 HIGH N/A
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-2766 1 Websense 1 Triton Ap Email 2025-04-12 5.0 MEDIUM N/A
The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack.
CVE-2015-3252 1 Apache 1 Cloudstack 2025-04-12 6.0 MEDIUM 9.8 CRITICAL
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
CVE-2015-7283 1 Zyxel 2 Nbg-418n, Nbg-418n Firmware 2025-04-12 9.3 HIGH 8.1 HIGH
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2016-0049 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2025-04-12 2.1 LOW 6.2 MEDIUM
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
CVE-2014-5423 1 Carefusion 1 Pyxis Supplystation 2025-04-12 1.9 LOW N/A
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.
CVE-2014-4822 1 Ibm 2 Websphere Mq, Websphere Mq Explorer 2025-04-12 1.9 LOW N/A
IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via an unspecified trace operation.