CVE-2025-35451

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be...

CVE-2025-35451

CVE-2025-35451 concerns PTZOptics and ValueHD-based pan-tilt-zoom cameras with hard-coded default administrative credentials. Affected devices expose SSH and/or Telnet on all interfaces, and the default passwords cannot be changed or the services disabled, enabling potential unauthorized admin ac...

CVE-2025-35451 Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be...

PT-2025-36260

Name of the Vulnerable Software and Affected Versions: PTZOptics and ValueHD-based pan-tilt-zoom cameras affected versions not specified Description: PTZOptics and ValueHD-based pan-tilt-zoom cameras utilize hard-coded, default administrative credentials. These credentials can be easily...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519

CVE-2025-6519 overview (confirmed details) : Affects Copeland E3 Site Supervisor firmware versions prior to 2.31F01. The vulnerability stems from a default admin account named “ONEDAY” that uses a daily-generated password which can be predicted. The ONEDAY user cannot be deleted or modified by an...

PT-2025-35562

Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor versions prior to 2.31F01 Description: E3 Site Supervisor firmware contains a default administrator account, ONEDAY, with a daily generated password that is predictable. The ONEDAY user cannot be deleted or modified...

NeuVector admin account has insecure default password

Impact A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the defau...

GHSA-8PXW-9C75-6W56 NeuVector admin account has insecure default password

Impact A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the defau...

K000153161: Ansible Tower vulnerability CVE-2019-19340

Security Advisory Description A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmqenablemanager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is sti...

CVE-2025-29521

CVE-2025-29521 affects D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230. The issue is insecure default credentials for the Administrator account, enabling privilege escalation through brute-force attempts. Documents consistently describe the same root cause and affected device without ad...

CVE-2025-8452

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

VulnCheck KEV: CVE-2020-4429

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534...

CVE-2012-10042

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...

CVE-2012-10042

CVE-2012-10042 affects Sflog! CMS 1.0 via an authenticated file-upload vulnerability in the blog management interface (manage.php). With default credentials (admin:secret), authenticated users can upload files to blogs/download/uploads/, where the upload validation is insufficient, enabling a PHP...