Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2368 1 Redhat 1 Certificate System 2025-04-09 N/A
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
CVE-2008-3059 1 Octeth 1 Oempro 2025-04-09 N/A
member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab.
CVE-2008-3067 1 Suse 1 Opensuse 2025-04-09 N/A
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
CVE-2008-3235 1 Ibm 1 Websphere Application Server 2025-04-09 N/A
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.
CVE-2008-3249 1 Lenovo 1 Thinkvantage System Update 2025-04-09 N/A
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
CVE-2008-3840 1 Craftysyntax 1 Crafty Syntax Live Help 2025-04-09 N/A
Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-3859 1 Davlin 1 Thickbox Gallery 2025-04-09 N/A
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.
CVE-2008-4677 1 Vim 2 Netrw, Vim 2025-04-09 N/A
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."
CVE-2008-4807 1 Ibm 1 Lotus Connections 2025-04-09 N/A
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4874 1 Philips Electronics 1 Voip841 Dect Phone 2025-04-09 N/A
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
CVE-2008-5326 2 Ibm, Microsoft 2 Rational Clearquest, Windows 2025-04-09 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
CVE-2008-5327 1 Ibm 1 Rational Clearquest 2025-04-09 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree.
CVE-2008-6191 1 Intrinsic 1 Swimage Encore 2025-04-09 N/A
Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2008-6228 1 Preproject 1 Pre Multi-vendor Shopping Malls 2025-04-09 N/A
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6231 1 Preprojects 1 Pre Classified Listings 2025-04-09 N/A
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6232 1 Preprojects 1 Pre Shopping Mall 2025-04-09 N/A
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6971 1 Simplemachines 1 Smf 2025-04-09 N/A
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.
CVE-2008-7050 1 Wowraidmanager 1 Wowraidmanager 2025-04-09 N/A
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.
CVE-2009-0503 1 Ibm 1 Websphere Message Broker 2025-04-09 N/A
IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.
CVE-2009-1273 1 Andrew J.korty 1 Pam Ssh 2025-04-09 N/A
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.