Total: 725 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2317 | 1 Axesstel | 1 Mv 410r | 2024-11-21 | 10.0 HIGH | N/A |
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access. | |||||
CVE-2009-2271 | 1 Huawei | 1 D100 | 2024-11-21 | 10.0 HIGH | N/A |
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access. | |||||
CVE-2009-2192 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 7.5 HIGH | N/A |
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." | |||||
CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 2.1 LOW | N/A |
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | |||||
CVE-2009-2084 | 1 Llnl | 1 Slurm | 2024-11-21 | 7.2 HIGH | N/A |
Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges. | |||||
CVE-2009-1933 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.7 MEDIUM | N/A |
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors. | |||||
CVE-2009-1930 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834. | |||||
CVE-2009-1745 | 1 Armorlogic | 1 Profense Web Application Firewall | 2024-11-21 | 10.0 HIGH | N/A |
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access. | |||||
CVE-2009-1682 | 1 Apple | 1 Safari | 2024-11-21 | 4.3 MEDIUM | N/A |
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
CVE-2009-1465 | 1 Klinzmann | 1 Application Access Server | 2024-11-21 | 7.5 HIGH | N/A |
Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access. | |||||
CVE-2009-1273 | 1 Andrew J.korty | 1 Pam Ssh | 2024-11-21 | 5.0 MEDIUM | N/A |
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | |||||
CVE-2009-1075 | 1 Sun | 1 Java System Identity Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2009-1000 | 1 Oracle | 1 E-business Suite | 2024-11-21 | 7.5 HIGH | N/A |
The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors. | |||||
CVE-2009-0919 | 1 Apachefriends | 1 Xampp | 2024-11-21 | 7.5 HIGH | N/A |
XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet." | |||||
CVE-2009-0657 | 1 Toshiba | 1 Face Recognition | 2024-11-21 | 6.9 MEDIUM | N/A |
Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user. | |||||
CVE-2009-0656 | 1 Asus | 1 Smartlogon | 2024-11-21 | 6.9 MEDIUM | N/A |
Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user. | |||||
CVE-2009-0644 | 1 Swannsecurity | 1 Dvr4-securanet | 2024-11-21 | 5.0 MEDIUM | N/A |
The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access. | |||||
CVE-2009-0632 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 9.0 HIGH | N/A |
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. | |||||
CVE-2009-0620 | 1 Cisco | 2 Application Control Engine Module, Catalyst | 2024-11-21 | 10.0 HIGH | N/A |
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access. | |||||
CVE-2009-0617 | 1 Cisco | 1 Application Networking Manager | 2024-11-21 | 10.0 HIGH | N/A |
Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. |