Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6588 1 Aztech 1 Adsl2\/2\+4-port Router 2025-04-09 N/A
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.
CVE-2008-6577 1 Nortel 1 Cs1000 2025-04-09 N/A
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
CVE-2008-6524 1 Cale Dunlap 1 Openinvoice 2025-04-09 N/A
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication.
CVE-2008-6473 1 Blogator-script 1 Blogator-script 2025-04-09 N/A
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter.
CVE-2008-4807 1 Ibm 1 Lotus Connections 2025-04-09 N/A
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3617 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.
CVE-2008-5696 1 Novell 1 Netware 2025-04-09 N/A
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
CVE-2008-5690 1 Sun 2 Opensolaris, Solaris 2025-04-09 N/A
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5.
CVE-2008-5670 1 Textpattern 1 Textpattern 2025-04-09 N/A
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
CVE-2008-5327 1 Ibm 1 Rational Clearquest 2025-04-09 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree.
CVE-2008-5326 2 Ibm, Microsoft 2 Rational Clearquest, Windows 2025-04-09 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
CVE-2022-47024 2 Redhat, Vim 2 Enterprise Linux, Vim 2025-04-03 7.8 High
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
CVE-2024-35395 1 Totolink 3 Cp900 L, Cp900l, Cp900l Firmware 2025-04-03 8.8 High
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-1999-1214 5 Bsd, Freebsd, Netbsd and 2 more 5 Bsd, Freebsd, Netbsd and 2 more 2025-04-03 N/A
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
CVE-2006-4068 1 Pswd.js 1 Pswd.js 2025-04-03 N/A
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher.
CVE-2006-2481 1 Vmware 1 Esx 2025-04-03 N/A
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
CVE-2006-1002 1 Netgear 1 Wgt624 2025-04-03 N/A
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.
CVE-2005-4360 1 Microsoft 2 Internet Information Services, Windows Xp 2025-04-03 N/A
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
CVE-2005-2666 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2025-04-03 N/A
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
CVE-2002-2301 1 Lawson Software 1 Lawson Financials 2025-04-03 N/A
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.