Total
735 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | |||||
| CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2025-04-09 | 7.1 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | |||||
| CVE-2008-6817 | 1 Mole-group | 1 Lastminute Script | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6239 | 1 Mailenable | 2 Netwebadmin Enterprise, Netwebadmin Professional | 2025-04-09 | 7.5 HIGH | N/A |
| webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | |||||
| CVE-2008-6524 | 1 Cale Dunlap | 1 Openinvoice | 2025-04-09 | 6.5 MEDIUM | N/A |
| resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication. | |||||
| CVE-2007-6399 | 1 Myupb | 1 Flat Php Board | 2025-04-09 | 6.5 MEDIUM | N/A |
| index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | |||||
| CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2025-04-09 | 2.1 LOW | N/A |
| backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | |||||
| CVE-2008-7050 | 1 Wowraidmanager | 1 Wowraidmanager | 2025-04-09 | 7.5 HIGH | N/A |
| The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password. | |||||
| CVE-2009-4354 | 1 Transware | 1 Active\! Mail | 2025-04-09 | 5.8 MEDIUM | N/A |
| TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. | |||||
| CVE-2008-1390 | 1 Asterisk | 5 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. | |||||
| CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2025-04-09 | 4.4 MEDIUM | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | |||||
| CVE-2009-2945 | 1 Stanford | 1 Webauth | 2025-04-09 | 4.3 MEDIUM | N/A |
| weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
| CVE-2007-6661 | 1 2z Project | 1 2z Project | 2025-04-09 | 6.4 MEDIUM | N/A |
| 2z project 0.9.6.1 allows attackers to change the password without supplying the old password. | |||||
| CVE-2009-0503 | 1 Ibm | 1 Websphere Message Broker | 2025-04-09 | 2.1 LOW | N/A |
| IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | |||||
| CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2025-04-09 | 5.0 MEDIUM | N/A |
| AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2007-5063 | 1 Adam Scheinberg | 1 Flip | 2025-04-09 | 5.0 MEDIUM | N/A |
| Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt. | |||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 2.1 LOW | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
| CVE-2008-1970 | 1 Mucommander | 1 Mucommander | 2025-04-09 | 2.1 LOW | N/A |
| muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials. | |||||
| CVE-2009-4463 | 1 Intellicom | 3 Netbiter Webscada Firmware, Netbiter Webscada Ws100, Netbiter Webscada Ws200 | 2025-04-09 | 10.0 HIGH | N/A |
| Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords. | |||||
| CVE-2007-6260 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed. | |||||