Total
772 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0029 | 1 Cisco | 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more | 2025-04-09 | N/A |
| Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | ||||
| CVE-2007-4526 | 2 Netiq, Novell | 2 Identity Manager, Client Login Extension \(cle\) | 2025-04-09 | N/A |
| The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2008-5188 | 2 Ecryptfs, Redhat | 2 Ecryptfs Utils, Enterprise Linux | 2025-04-09 | N/A |
| The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2025-04-09 | N/A |
| Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | ||||
| CVE-2008-1184 | 1 Dnssec-tools | 1 Dnssec-tools | 2025-04-09 | N/A |
| The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | ||||
| CVE-2009-0170 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. | ||||
| CVE-2007-5063 | 1 Adam Scheinberg | 1 Flip | 2025-04-09 | N/A |
| Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt. | ||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2025-04-09 | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | ||||
| CVE-2007-3978 | 1 Bwired | 1 Bwired | 2025-04-09 | N/A |
| Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-5184 | 1 Apple | 1 Cups | 2025-04-09 | N/A |
| The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | ||||
| CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2025-04-09 | N/A |
| The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | ||||
| CVE-2008-4807 | 1 Ibm | 1 Lotus Connections | 2025-04-09 | N/A |
| IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-4677 | 1 Vim | 2 Netrw, Vim | 2025-04-09 | N/A |
| autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." | ||||
| CVE-2007-3275 | 1 Mailwasher | 1 Mailwasher Server | 2025-04-09 | N/A |
| MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0440 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2025-04-09 | N/A |
| AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. | ||||
| CVE-2010-0229 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | ||||
| CVE-2010-0227 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | ||||
| CVE-2010-0226 | 1 Sandisk | 1 Cruzer Enterprise Usb | 2025-04-09 | N/A |
| SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | ||||
| CVE-2007-2766 | 1 Backup Manager | 1 Backup Manager | 2025-04-09 | N/A |
| lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh. | ||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | ||||