Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3059 | 1 Octeth | 1 Oempro | 2017-08-08 | 4.0 MEDIUM | N/A |
| member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab. | |||||
| CVE-2008-2368 | 1 Redhat | 1 Certificate System | 2017-08-08 | 2.1 LOW | N/A |
| Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. | |||||
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.9 MEDIUM | N/A |
| Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2008-1970 | 1 Mucommander | 1 Mucommander | 2017-08-08 | 2.1 LOW | N/A |
| muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials. | |||||
| CVE-2008-1880 | 2 Firebird, Gentoo | 2 Firebird, Linux | 2017-08-08 | 5.0 MEDIUM | N/A |
| The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. | |||||
| CVE-2008-1543 | 1 Airspan | 7 Easy St, Easy St-2, Prost and 4 more | 2017-08-08 | 7.5 HIGH | N/A |
| The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262. | |||||
| CVE-2008-1542 | 1 Airspan | 1 Base Station Distribution Unit | 2017-08-08 | 7.5 HIGH | N/A |
| Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262. | |||||
| CVE-2008-1184 | 1 Dnssec-tools | 1 Dnssec-tools | 2017-08-08 | 5.0 MEDIUM | N/A |
| The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | |||||
| CVE-2008-0996 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 1.7 LOW | N/A |
| The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. | |||||
| CVE-2008-0535 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239. | |||||
| CVE-2008-0029 | 1 Cisco | 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more | 2017-08-08 | 10.0 HIGH | N/A |
| Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | |||||
| CVE-2007-6267 | 1 Citrix | 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server | 2017-08-08 | 2.1 LOW | N/A |
| Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. | |||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 7.5 HIGH | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
| CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2017-07-29 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||||
| CVE-2007-5579 | 1 Pligg | 1 Pligg Cms | 2017-07-29 | 7.5 HIGH | N/A |
| login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter. | |||||
| CVE-2007-4594 | 1 Entrust | 1 Entelligence Security Provider | 2017-07-29 | 6.4 MEDIUM | N/A |
| Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3275 | 1 Mailwasher | 1 Mailwasher Server | 2017-07-29 | 7.1 HIGH | N/A |
| MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2766 | 1 Backup Manager | 1 Backup Manager | 2017-07-29 | 7.2 HIGH | N/A |
| lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh. | |||||
| CVE-2007-1068 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2017-07-29 | 7.2 HIGH | N/A |
| The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423. | |||||
| CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2017-07-29 | 2.1 LOW | N/A |
| NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | |||||