Total
767 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2766 | 1 Backup Manager | 1 Backup Manager | 2025-04-09 | N/A |
| lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh. | ||||
| CVE-2008-1970 | 1 Mucommander | 1 Mucommander | 2025-04-09 | N/A |
| muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials. | ||||
| CVE-2007-3275 | 1 Mailwasher | 1 Mailwasher Server | 2025-04-09 | N/A |
| MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0535 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2025-04-09 | N/A |
| Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239. | ||||
| CVE-2008-0604 | 1 Xlight Ftp Server | 1 Xlight Ftp Server | 2025-04-09 | N/A |
| The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2007-3978 | 1 Bwired | 1 Bwired | 2025-04-09 | N/A |
| Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
| CVE-2008-2291 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | N/A |
| axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | ||||
| CVE-2007-4594 | 1 Entrust | 1 Entelligence Security Provider | 2025-04-09 | N/A |
| Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2025-04-09 | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | ||||
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2008-1184 | 1 Dnssec-tools | 1 Dnssec-tools | 2025-04-09 | N/A |
| The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | ||||
| CVE-2008-1393 | 1 Plone | 1 Plone Cms | 2025-04-09 | N/A |
| Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network. | ||||
| CVE-2009-2317 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | N/A |
| The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-3059 | 1 Octeth | 1 Oempro | 2025-04-09 | N/A |
| member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab. | ||||
| CVE-2008-3235 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | ||||
| CVE-2009-0216 | 1 Ge Fanuc | 1 Ifix | 2025-04-09 | N/A |
| GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. | ||||
| CVE-2008-3617 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. | ||||
| CVE-2008-4646 | 1 Websense | 1 Enterpise | 2025-04-09 | N/A |
| The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database. | ||||
| CVE-2008-5327 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree. | ||||
| CVE-2009-0616 | 1 Cisco | 1 Application Networking Manager | 2025-04-09 | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." | ||||