18 matches found
CVE-2023-47800
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL...
CVE-2022-34005
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 sub-issue 1. NOTE: as of...
South River Technologies TitanFTP NextGen 信任管理问题漏洞
South River Technologies TitanFTP NextGen South River Technologies Titan FTP NextGen is a natively supported cluster for high availability and failover SFTP/ FTP server. A security vulnerability exists in South River Technologies TitanFTP NextGen versions prior to 1.2.1050, which originates from ...
CVE-2016-6532
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXISDATA SQL Server session...
SysAid Help Desk Built-in Password Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. SysAid Help Desk uses a hard-coded password, username: sa, password: Password1, through which remote attackers bypass access restrictions...
Sybase SQL Blank Password
The remote Sybase SQL server has the default SPDX-FileCopyrightText: 2008 Tenable Network Security Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
lyris-listmanager.txt
Title: Lyris ListManager Multiple Flaws Release Date: December 8, 2005 Patch Date: Unknown v8.9b resolves most issues Reported Date: June 21, 2005 Vendor: Lyris Systems Affected: Lyris ListManager v5.0-8.8a most flaws Summary: The Lyris ListManager software is vulnerable to numerous SQL injection...
CVE-2005-4145
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space "lyris" and up to 5 digits, possibly from the process ID, which allows remote attackers to gain access via a brute force attack...
CVE-2005-4145
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space "lyris" and up to 5 digits, possibly from the process ID, which allows remote attackers to gain access via a brute force attack...
CVE-2005-3280
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges...
Sybase SQL sa Account Blank Password
The remote Sybase SQL server has the default 'sa' account enabled without any password. An attacker may use this flaw to execute commands against the remote host as well as read database content. C Tenable Network Security, Inc. This script is based on mssqlblankpassword.nasl which is C H D Moore...
SQL Server Cleartext 'sa' Account 'sa' Password Attempted Login (deprecated)
Binary data 1109.prm...
SQL Server Cleartext 'sa' Account 'admin' Password Authentication (deprecated)
Binary data 1125.prm...
SQL Server Cleartext 'sa' Account 'sa' Password Authentication (deprecated)
Binary data 1122.prm...
SQL Server Cleartext 'sa' Account 'password' Password Authentication (deprecated)
Binary data 1123.prm...
SQL Server Cleartext 'sa' Account 'administrator' Password Attempted Login (deprecated)
Binary data 1111.prm...
Microsoft SQL Server sa Account Default Blank Password
The remote instance of MS SQL / SQL Server has the default 'sa' account enabled without any password. An attacker may leverage this flaw to execute commands against the remote host, as well as read the content of any databases it might have. %NASLMINLEVEL 70300 this script attempts to log in to a...
Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability
I've recently discovered the following vulnerability: Product: Tumbleweed Messaging Management System MMS Formerly Worldtalk Worldsecure http://www.tumbleweed.com/solutions/products/mmsproducts Version: 4.3 - 4.5 all builds Description: Product uses Microsoft's MSDE Database engine which is a...