Total: 742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1396 | 1 Plone | 1 Plone CMS | 2025-04-09 | 4.3 MEDIUM | N/A |
| Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network. | |||||
| CVE-2008-1880 | 2 Firebird, Gentoo | 2 Firebird, Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. | |||||
| CVE-2009-0170 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | 6.0 MEDIUM | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. | |||||
| CVE-2008-5184 | 1 Apple | 1 CUPS | 2025-04-09 | 10.0 HIGH | N/A |
| The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | |||||
| CVE-2008-5847 | 1 Constructr | 1 Constructr-cms | 2025-04-09 | 2.6 LOW | N/A |
| Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column. | |||||
| CVE-2008-2279 | 1 Freelance Auction | 1 Freelance Auction Script | 2025-04-09 | 5.0 MEDIUM | N/A |
| Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table. | |||||
| CVE-2009-0617 | 1 Cisco | 1 Application Networking Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. | |||||
| CVE-2009-2435 | 1 IBM | 1 Lotus Instant Messaging And Web Conferencing | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2010-0227 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | 4.6 MEDIUM | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | |||||
| CVE-2008-5188 | 1 Ecryptfs | 1 Ecryptfs Utils | 2025-04-09 | 7.2 HIGH | N/A |
| The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2008-2291 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.5 HIGH | N/A |
| axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | |||||
| CVE-2009-2762 | 1 WordPress | 1 WordPress | 2025-04-09 | 7.5 HIGH | N/A |
| wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. | |||||
| CVE-2008-1218 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified. | |||||
| CVE-2009-2358 | 1 Yasinkaplan | 1 TekRADIUS | 2025-04-09 | 4.6 MEDIUM | N/A |
| TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file. | |||||
| CVE-2008-3617 | 1 Apple | 2 Mac OS X, Mac OS X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. | |||||
| CVE-2008-0604 | 1 XLight FTP Server | 1 XLight FTP Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2008-6228 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2025-04-09 | 7.5 HIGH | N/A |
| Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
| CVE-2010-0226 | 1 SanDisk | 1 Cruzer Enterprise USB | 2025-04-09 | 4.6 MEDIUM | N/A |
| SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | |||||
| CVE-2009-1745 | 1 Armorlogic | 1 Profense Web Application Firewall | 2025-04-09 | 10.0 HIGH | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2009-0657 | 1 Toshiba | 1 Face Recognition | 2025-04-09 | 6.9 MEDIUM | N/A |
| Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user. | |||||
