Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
Max CVSS: 7.5; EPSS Score: 0.85%; Published: 2004-03-29; Updated: 2017-07-11
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2004-03-29; Updated: 2017-07-11
SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.
Max CVSS: 10.0; EPSS Score: 0.51%; Published: 2004-11-23; Updated: 2017-07-11
SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.
Max CVSS: 10.0; EPSS Score: 0.36%; Published: 2004-11-23; Updated: 2017-07-11
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
Max CVSS: 10.0; EPSS Score: 3.76%; Published: 2004-11-23; Updated: 2017-07-11
SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter.
Max CVSS: 10.0; EPSS Score: 0.19%; Published: 2004-11-23; Updated: 2017-07-11
Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell.
Max CVSS: 10.0; EPSS Score: 0.42%; Published: 2004-11-24; Updated: 2018-10-30
American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.
Max CVSS: 10.0; EPSS Score: 1.24%; Published: 2004-11-23; Updated: 2017-07-11
SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.
Max CVSS: 7.5; EPSS Score: 3.86%; Published: 2004-12-31; Updated: 2017-07-11
Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access.
Max CVSS: 10.0; EPSS Score: 1.20%; Published: 2004-08-06; Updated: 2017-07-11
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
Max CVSS: 4.6; EPSS Score: 0.06%; Published: 2004-09-28; Updated: 2017-07-11
Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.
Max CVSS: 4.6; EPSS Score: 0.06%; Published: 2004-07-27; Updated: 2017-07-11
Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access.
Max CVSS: 7.5; EPSS Score: 1.20%; Published: 2004-12-15; Updated: 2017-07-11
The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access.
Max CVSS: 7.5; EPSS Score: 0.92%; Published: 2004-12-15; Updated: 2016-10-18
Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard-coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
Max CVSS: 7.5; EPSS Score: 1.28%; Published: 2004-12-15; Updated: 2017-07-11
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
Max CVSS: 7.5; EPSS Score: 2.47%; Published: 2004-12-31; Updated: 2017-07-11
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.
Max CVSS: 7.5; EPSS Score: 1.56%; Published: 2004-12-31; Updated: 2018-10-30
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
Max CVSS: 7.5; EPSS Score: 0.57%; Published: 2004-12-31; Updated: 2017-07-11
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.
Max CVSS: 7.5; EPSS Score: 2.69%; Published: 2004-12-31; Updated: 2017-07-11
Symantec ON Command CCM 5.4.x and iCommand 3.0.x have four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
Max CVSS: 7.5; EPSS Score: 0.28%; Published: 2004-09-21; Updated: 2017-07-11
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
Max CVSS: 10.0; EPSS Score: 1.13%; Published: 2004-01-21; Updated: 2017-07-11
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
Max CVSS: 7.5; EPSS Score: 0.34%; Published: 2004-12-31; Updated: 2008-09-05
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
Max CVSS: 7.5; EPSS Score: 2.79%; Published: 2004-12-31; Updated: 2017-07-20
edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
Max CVSS: 7.5; EPSS Score: 8.47%; Published: 2004-12-31; Updated: 2017-07-29
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.
Max CVSS: 7.1; EPSS Score: 2.67%; Published: 2004-12-31; Updated: 2017-07-29
27 vulnerabilities found