Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1482 1 Microsoft 1 Mn-500 Wireless Base Station 2025-04-03 N/A
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
CVE-2003-1483 1 Flashfxp 1 Flashfxp 2025-04-03 N/A
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
CVE-2004-2696 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), do not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
CVE-2004-2708 1 Phrozensmoke 1 Gyach Enhanced 2025-04-03 N/A
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
CVE-2004-2722 1 Nessus 1 Nessus 2025-04-03 N/A
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue.
CVE-2004-2723 1 Nessus 1 Nessuswx 2025-04-03 N/A
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
CVE-2005-4862 1 Xwiki 1 Xwiki 2025-04-03 N/A
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
CVE-2006-2481 1 Vmware 1 Esx 2025-04-03 N/A
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
CVE-2006-4068 1 Pswd.js 1 Pswd.js 2025-04-03 N/A
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher.
CVE-1999-0755 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
CVE-2018-25078 1 Man-db Project 1 Man-db 2025-04-02 7.8 High
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)
CVE-2025-27662 1 Printerlogic 2 Vasion Print, Virtual Appliance 2025-04-01 9.8 Critical
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005.
CVE-2025-24852 2025-04-01 4.6 Medium
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
CVE-2025-22366 2025-04-01 N/A
The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVE-2025-22368 2025-04-01 N/A
The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVE-2025-22367 2025-04-01 N/A
The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVE-2024-21003 2 Netapp, Oracle 9 Active Iq Unified Manager, Data Infrastructure Insights Acquisition Unit, Data Infrastructure Insights Storage Workload Security Agent and 6 more 2025-03-29 3.1 Low
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2024-8774 2025-03-27 N/A
The SIMPLE.ERP client stores the superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched.
CVE-2024-40116 1 Solar-log 1 Solar-log 1000 Firmware 2025-03-26 8.1 High
An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
CVE-2022-34384 1 Dell 5 Alienware Update, Command Update, Supportassist For Business Pcs and 2 more 2025-03-26 7.8 High
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.