Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4656 1 Backup Manager 1 Backup Manager 2025-04-09 N/A
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
CVE-2007-5579 1 Pligg 1 Pligg Cms 2025-04-09 N/A
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
CVE-2007-6096 1 Ingate 2 Ingate Firewall, Ingate Siparator 2025-04-09 N/A
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.
CVE-2007-6260 1 Oracle 1 Database Server 2025-04-09 N/A
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
CVE-2007-6267 1 Citrix 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server 2025-04-09 N/A
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
CVE-2007-6661 1 2z Project 1 2z Project 2025-04-09 N/A
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
CVE-2008-0029 1 Cisco 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more 2025-04-09 N/A
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
CVE-2008-0440 1 Alstrasoft 1 Forum Pay Per Post Exchange 2025-04-09 N/A
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
CVE-2008-0535 2 Cisco, Icon-labs 2 Service Control Engine, Iconfidant Ssh 2025-04-09 N/A
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239.
CVE-2008-0604 1 Xlight Ftp Server 1 Xlight Ftp Server 2025-04-09 N/A
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions.
CVE-2008-0724 1 The Everything Development Company 1 The Everything Development Engine 2025-04-09 N/A
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.
CVE-2008-1184 1 Dnssec-tools 1 Dnssec-tools 2025-04-09 N/A
The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.
CVE-2008-1192 2 Redhat, Sun 5 Network Satellite, Rhel Extras, Jdk and 2 more 2025-04-09 N/A
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
CVE-2008-1195 3 Canonical, Redhat, Sun 6 Ubuntu Linux, Network Satellite, Rhel Extras and 3 more 2025-04-09 N/A
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
CVE-2008-1218 1 Dovecot 1 Dovecot 2025-04-09 N/A
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
CVE-2008-1390 1 Asterisk 5 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 2 more 2025-04-09 N/A
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
CVE-2008-1393 1 Plone 1 Plone Cms 2025-04-09 N/A
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
CVE-2008-1394 1 Plone 1 Plone Cms 2025-04-09 N/A
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
CVE-2008-1396 1 Plone 1 Plone Cms 2025-04-09 N/A
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
CVE-2008-1880 2 Firebird, Gentoo 2 Firebird, Linux 2025-04-09 N/A
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.