Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1970 | 1 Mucommander | 1 Mucommander | 2025-04-09 | 2.1 LOW | N/A |
| muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials. | |||||
| CVE-2007-4960 | 1 Linden Lab | 1 Second Life | 2025-04-09 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | |||||
| CVE-2008-0535 | 2 Cisco, Icon-labs | 2 Service Control Engine, Iconfidant Ssh | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239. | |||||
| CVE-2008-3067 | 1 Suse | 1 Opensuse | 2025-04-09 | 2.1 LOW | N/A |
| sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits. | |||||
| CVE-2008-5327 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 6.5 MEDIUM | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree. | |||||
| CVE-2010-0227 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | 4.6 MEDIUM | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | |||||
| CVE-2009-0216 | 1 Ge Fanuc | 1 Ifix | 2025-04-09 | 10.0 HIGH | N/A |
| GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. | |||||
| CVE-2009-1933 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
| Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors. | |||||
| CVE-2007-5579 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
| login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter. | |||||
| CVE-2008-4646 | 1 Websense | 1 Enterpise | 2025-04-09 | 2.1 LOW | N/A |
| The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database. | |||||
| CVE-2008-6473 | 1 Blogator-script | 1 Blogator-script | 2025-04-09 | 6.4 MEDIUM | N/A |
| _blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter. | |||||
| CVE-2007-2766 | 1 Backup Manager | 1 Backup Manager | 2025-04-09 | 7.2 HIGH | N/A |
| lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh. | |||||
| CVE-2008-4677 | 1 Vim | 2 Netrw, Vim | 2025-04-09 | 4.3 MEDIUM | N/A |
| autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." | |||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 2.1 LOW | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
| CVE-2009-4188 | 1 Hp | 1 Operations Dashboard | 2025-04-09 | 10.0 HIGH | N/A |
| HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098. | |||||
| CVE-2009-1682 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
| CVE-2007-6340 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2025-04-09 | 2.1 LOW | N/A |
| Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. | |||||
| CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2025-04-09 | 7.2 HIGH | N/A |
| The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | |||||
| CVE-2008-6817 | 1 Mole-group | 1 Lastminute Script | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | |||||