Vulnerabilities (CVE)

Filtered by CWE-255
Total 725 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5988 1 Zyxel 1 Gs1900-10hp Firmware 2024-11-21 9.3 HIGH 9.8 CRITICAL
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2015-5067 1 Sap 1 Netweaver 2024-11-21 7.5 HIGH N/A
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.
CVE-2015-4966 1 Ibm 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more 2024-11-21 6.5 MEDIUM N/A
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.
CVE-2015-4684 1 Polycom 1 Realpresence Resource Manager 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
CVE-2015-4681 1 Polycom 1 Realpresence Resource Manager 2024-11-21 7.2 HIGH 7.8 HIGH
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVE-2015-4400 1 Ring 2 Ring, Ring Firmware 2024-11-21 2.1 LOW 4.6 MEDIUM
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module.
CVE-2015-4319 1 Cisco 1 Telepresence Video Communication Server Software 2024-11-21 5.5 MEDIUM N/A
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338.
CVE-2015-4262 1 Cisco 1 Unified Meetingplace Web Conferencing 2024-11-21 10.0 HIGH N/A
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
CVE-2015-4196 1 Cisco 1 Unified Communications Domain Manager 2024-11-21 5.0 MEDIUM N/A
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
CVE-2015-3974 1 Easyio 2 Easyio-30p-sf, Easyio-30p-sf Firmware 2024-11-21 9.0 HIGH N/A
EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-3968 1 Janitza 5 Umg 508, Umg 509, Umg 511 and 2 more 2024-11-21 7.5 HIGH N/A
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.
CVE-2015-3957 1 Hospira 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware 2024-11-21 4.6 MEDIUM N/A
Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors.
CVE-2015-3799 1 Apple 1 Mac Os X 2024-11-21 9.3 HIGH N/A
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
CVE-2015-3252 1 Apache 1 Cloudstack 2024-11-21 6.0 MEDIUM 9.8 CRITICAL
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
CVE-2015-3001 1 Sysaid 1 Sysaid 2024-11-21 5.0 MEDIUM N/A
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
CVE-2015-2915 1 Securifi 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more 2024-11-21 7.3 HIGH N/A
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.
CVE-2015-2874 2 Lacie, Seagate 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2015-2864 1 Retrospect 2 Retrospect, Retrospect Client 2024-11-21 5.0 MEDIUM N/A
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.
CVE-2015-2766 1 Websense 1 Triton Ap Email 2024-11-21 5.0 MEDIUM N/A
The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack.
CVE-2015-2012 1 Ibm 1 Websphere Mq 2024-11-21 2.1 LOW 4.0 MEDIUM
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.