Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 2.1 LOW | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
| CVE-2009-4188 | 1 Hp | 1 Operations Dashboard | 2025-04-09 | 10.0 HIGH | N/A |
| HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098. | |||||
| CVE-2009-1682 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
| CVE-2007-6340 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2025-04-09 | 2.1 LOW | N/A |
| Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. | |||||
| CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2025-04-09 | 7.2 HIGH | N/A |
| The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | |||||
| CVE-2008-6817 | 1 Mole-group | 1 Lastminute Script | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | |||||
| CVE-2008-6588 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2025-04-09 | 10.0 HIGH | N/A |
| Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. | |||||
| CVE-2007-5063 | 1 Adam Scheinberg | 1 Flip | 2025-04-09 | 5.0 MEDIUM | N/A |
| Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt. | |||||
| CVE-2010-0226 | 1 Sandisk | 1 Cruzer Enterprise Usb | 2025-04-09 | 4.6 MEDIUM | N/A |
| SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | |||||
| CVE-2008-5696 | 1 Novell | 1 Netware | 2025-04-09 | 9.3 HIGH | N/A |
| Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations. | |||||
| CVE-2008-3059 | 1 Octeth | 1 Oempro | 2025-04-09 | 4.0 MEDIUM | N/A |
| member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab. | |||||
| CVE-2008-1529 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2025-04-09 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods. | |||||
| CVE-2009-2381 | 1 Gizmo5 | 1 Gizmo | 2025-04-09 | 5.0 MEDIUM | N/A |
| Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, which allows remote servers to obtain the credentials of arbitrary users via a spoofed certificate. | |||||
| CVE-2009-3516 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors. | |||||
| CVE-2009-4304 | 1 Moodle | 1 Moodle | 2025-04-09 | 7.5 HIGH | N/A |
| Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | |||||
| CVE-2009-1273 | 1 Andrew J.korty | 1 Pam Ssh | 2025-04-09 | 5.0 MEDIUM | N/A |
| pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. | |||||
| CVE-2009-0657 | 1 Toshiba | 1 Face Recognition | 2025-04-09 | 6.9 MEDIUM | N/A |
| Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user. | |||||
| CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2025-04-09 | 5.8 MEDIUM | N/A |
| TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | |||||
| CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2025-04-09 | 2.1 LOW | N/A |
| backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | |||||