Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2412 1 Nullsoft 1 Winamp 2025-04-03 N/A
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
CVE-2002-2389 1 Fastlink Software 1 The Server 2025-04-03 N/A
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
CVE-2002-2384 1 Hotfoon Corporation 1 Hotfoon 2025-04-03 N/A
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.
CVE-2002-2355 1 Netgear 1 Fm114p 2025-04-03 N/A
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
CVE-2002-2345 1 Oracle 1 Application Server 2025-04-03 N/A
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
CVE-2000-0277 1 Microsoft 1 Excel 2025-04-03 N/A
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
CVE-1999-0994 1 Microsoft 1 Windows Nt 2025-04-03 N/A
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
CVE-1999-0755 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
CVE-2003-1401 1 Php Board 1 Php Board 2025-04-03 N/A
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2003-1439 1 Silc 1 Secure Internet Live Conferencing 2025-04-03 N/A
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
CVE-2003-1424 1 Petitforum 1 Petitforum 2025-04-03 N/A
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
CVE-2003-1417 1 Ncipher 1 Support Software 2025-04-03 N/A
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
CVE-1999-0387 1 Microsoft 2 Windows 95, Windows 98 2025-04-03 N/A
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
CVE-2002-0493 1 Apache 1 Tomcat 2025-04-03 N/A
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
CVE-2002-1372 3 Apple, Debian, Redhat 4 Cups, Mac Os X, Debian Linux and 1 more 2025-04-03 7.5 High
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
CVE-2002-2290 1 Mambo 1 Mambo Site Server 2025-04-03 N/A
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
CVE-2002-2301 1 Lawson Software 1 Lawson Financials 2025-04-03 N/A
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.
CVE-2002-2310 1 Kryptronic 1 Clickcartpro 2025-04-03 N/A
ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
CVE-2003-1376 1 Winzip 1 Winzip 2025-04-03 N/A
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
CVE-2003-1394 1 Coffeecup Software 1 Coffeecup Password Wizard 2025-04-03 N/A
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.