Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2025-04-09 | 4.6 MEDIUM | N/A |
|
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
|
|||||
| CVE-2008-3249 | 1 Lenovo | 1 Thinkvantage System Update | 2025-04-09 | 5.1 MEDIUM | N/A |
|
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
|
|||||
| CVE-2008-6232 | 1 Preprojects | 1 Pre Shopping Mall | 2025-04-09 | 7.5 HIGH | N/A |
|
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
|
|||||
| CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2025-04-09 | 5.0 MEDIUM | N/A |
|
AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
|
|||||
| CVE-2008-6228 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2025-04-09 | 7.5 HIGH | N/A |
|
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
|
|||||
| CVE-2008-4292 | 1 Opera | 1 Opera Browser | 2025-04-09 | 10.0 HIGH | N/A |
|
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.
|
|||||
| CVE-2009-1682 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.
|
|||||
| CVE-2008-1880 | 2 Firebird, Gentoo | 2 Firebird, Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
|
|||||
| CVE-2007-6096 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.
|
|||||
| CVE-2008-6817 | 1 Mole-group | 1 Lastminute Script | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1930 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
|
|||||
| CVE-2008-0029 | 1 Cisco | 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
|
|||||
| CVE-2008-0724 | 1 The Everything Development Company | 1 The Everything Development Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.
|
|||||
| CVE-2009-2317 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | 10.0 HIGH | N/A |
|
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
|
|||||
| CVE-2007-3061 | 1 Cactusoft | 1 Cactushop | 2025-04-09 | 7.8 HIGH | N/A |
|
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
|
|||||
| CVE-2008-1676 | 2 Netscape, Redhat | 2 Certificate Management System, Certificate System | 2025-04-09 | 7.5 HIGH | N/A |
|
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
|
|||||
| CVE-2009-2358 | 1 Yasinkaplan | 1 Tekradius | 2025-04-09 | 4.6 MEDIUM | N/A |
|
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file.
|
|||||
| CVE-2007-6340 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2025-04-09 | 2.1 LOW | N/A |
|
Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.
|
|||||
| CVE-2008-0440 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2025-04-09 | 5.0 MEDIUM | N/A |
|
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
|
|||||
| CVE-2009-1745 | 1 Armorlogic | 1 Profense Web Application Firewall | 2025-04-09 | 10.0 HIGH | N/A |
|
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.
|
|||||
| CVE-2009-2192 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A |
|
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
|
|||||
| CVE-2008-3067 | 1 Suse | 1 Opensuse | 2025-04-09 | 2.1 LOW | N/A |
|
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
|
|||||
| CVE-2008-1218 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
|
|||||
| CVE-2008-2279 | 1 Freelance Auction | 1 Freelance Auction Script | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table.
|
|||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | 7.5 HIGH | N/A |
|
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
|
|||||
| CVE-2008-5184 | 1 Apple | 1 Cups | 2025-04-09 | 10.0 HIGH | N/A |
|
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
|
|||||
| CVE-2007-6260 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
|
|||||
| CVE-2008-4540 | 2 Htc, Microsoft | 2 Hermes, Windows Mobile | 2025-04-09 | 2.1 LOW | N/A |
|
Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.
|
|||||
| CVE-2008-6524 | 1 Cale Dunlap | 1 Openinvoice | 2025-04-09 | 6.5 MEDIUM | N/A |
|
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
|
|||||
| CVE-2008-4646 | 1 Websense | 1 Enterpise | 2025-04-09 | 2.1 LOW | N/A |
|
The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.
|
|||||
| CVE-2008-5848 | 1 Advantech | 14 Adam-6015, Adam-6017, Adam-6018 and 11 more | 2025-04-09 | 10.0 HIGH | N/A |
|
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.
|
|||||
| CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2025-04-09 | 2.1 LOW | N/A |
|
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
|
|||||
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
|
|||||
| CVE-2009-1933 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors.
|
|||||
| CVE-2006-6239 | 1 Mailenable | 2 Netwebadmin Enterprise, Netwebadmin Professional | 2025-04-09 | 7.5 HIGH | N/A |
|
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.
|
|||||
| CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.
|
|||||
| CVE-2008-5847 | 1 Constructr | 1 Constructr-cms | 2025-04-09 | 2.6 LOW | N/A |
|
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
|
|||||
| CVE-2007-4994 | 1 Redhat | 1 Certificate Server | 2025-04-09 | 7.5 HIGH | N/A |
|
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.
|
|||||
| CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
|
|||||
| CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2025-04-09 | 5.8 MEDIUM | N/A |
|
TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.
|
|||||