43 matches found
ZimaOS - Authentication Bypass
ZimaOS = 1.5.0 contains broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts; exploitation requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...
EUVD-2026-3659
A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration file...
CVE-2026-22911
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...
EUVD-2026-2812
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...
PT-2026-2992
Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: Firmware update files may reveal password hashes for system accounts. A remote attacker could potentially recover credentials and obtain unauthorized access to the device. Recommendations: At the...
EUVD-2000-0432
Malware in sbrugna...
EUVD-2020-4218
Malware in sbrugna...
EUVD-2016-1785
Malware in sbrugna...
CVE-2020-11878
The Jitsi Meet aka docker-jitsi-meet stack on Docker before stable-4384-1 uses default passwords such as passw0rd for system accounts...
CVE-2016-10791
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559)...
CVE-2024-57490
CVE-2024-57490 affects Guangzhou Hongfan Technology Co., LTD. iOffice20. The issue is a logic flaw that permits an attacker to log in as any user, including the administrator, effectively bypassing authentication. The vulnerability is tracked across multiple feeds (NVD, Red Hat, CNNVD, CVE List, ...
PT-2024-34869 · Secusuite · Secusuite
Name of the Vulnerable Software and Affected Versions: SecuSUITE versions 5.0.420 and earlier Description: A local privilege escalation issue in the SecuSUITE Server System Configuration could allow a successful attacker that had gained control of code running under one of the system accounts...
BD FACSChorus Security Breach
BD FACSChorus is a multichannel flow cytometry system from BD Medical BD. A security vulnerability exists in the BD FACSChorus that arises from the software not properly assigning data access rights to operating system user accounts...
Authentication flaw
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...
Citrix ADC upgrade operations might cause login failure for local system user accounts
Any of the following Citrix ADC upgrade operations might cause login failure for local system user accounts: from Citrix ADC 13.0-83.x build or later builds to Citrix ADC 13.1-4.x build; from Citrix ADC 12.1-63.x build or later builds to Citrix ADC 13.1-4.x build; from Citrix ADC 12.1-63.x build or late...
CommScope Ruckus IoT Controller Hard-coded System Passwords
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33218 2. Vulnerability Description Hard coded, system-level credentials exist on...
Vulnerabilities fixed in Xerox WorkCentre
Xerox has fixed a number of vulnerabilities in Xerox WorkCentre multifunction printers. Passwords that are stored on the multifunctional are better encrypted, system accounts have been made visible and manageable, and the ability to use the included McAfee Embedded Control has been removed. One...