Description
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2008-1819 Vulnerability (CVE-2008-1819)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0813)
Vanilla Forums Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4954)
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)