Total
725 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5988 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
CVE-2015-5067 | 1 Sap | 1 Netweaver | 2024-11-21 | 7.5 HIGH | N/A |
The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
CVE-2015-4966 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more | 2024-11-21 | 6.5 MEDIUM | N/A |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors. | |||||
CVE-2015-4684 | 1 Polycom | 1 Realpresence Resource Manager | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | |||||
CVE-2015-4681 | 1 Polycom | 1 Realpresence Resource Manager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | |||||
CVE-2015-4400 | 1 Ring | 2 Ring, Ring Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module. | |||||
CVE-2015-4319 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-11-21 | 5.5 MEDIUM | N/A |
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. | |||||
CVE-2015-4262 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2024-11-21 | 10.0 HIGH | N/A |
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. | |||||
CVE-2015-4196 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. | |||||
CVE-2015-3974 | 1 Easyio | 2 Easyio-30p-sf, Easyio-30p-sf Firmware | 2024-11-21 | 9.0 HIGH | N/A |
EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2015-3968 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. | |||||
CVE-2015-3957 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2024-11-21 | 4.6 MEDIUM | N/A |
Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. | |||||
CVE-2015-3799 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.3 HIGH | N/A |
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | |||||
CVE-2015-3252 | 1 Apache | 1 Cloudstack | 2024-11-21 | 6.0 MEDIUM | 9.8 CRITICAL |
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | |||||
CVE-2015-3001 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 5.0 MEDIUM | N/A |
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | |||||
CVE-2015-2915 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2024-11-21 | 7.3 HIGH | N/A |
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. | |||||
CVE-2015-2874 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||||
CVE-2015-2864 | 1 Retrospect | 2 Retrospect, Retrospect Client | 2024-11-21 | 5.0 MEDIUM | N/A |
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision. | |||||
CVE-2015-2766 | 1 Websense | 1 Triton Ap Email | 2024-11-21 | 5.0 MEDIUM | N/A |
The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | |||||
CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. |