Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6239 | 1 Mailenable | 2 Netwebadmin Enterprise, Netwebadmin Professional | 2025-04-09 | N/A |
| webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | ||||
| CVE-2009-2358 | 1 Yasinkaplan | 1 Tekradius | 2025-04-09 | N/A |
| TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file. | ||||
| CVE-2009-3180 | 1 Anantasoft | 1 Gazelle Cms | 2025-04-09 | N/A |
| Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php. | ||||
| CVE-2007-4960 | 1 Linden Lab | 1 Second Life | 2025-04-09 | N/A |
| Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | ||||
| CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | ||||
| CVE-2009-1682 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | ||||
| CVE-2008-6191 | 1 Intrinsic | 1 Swimage Encore | 2025-04-09 | N/A |
| Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries. | ||||
| CVE-2008-2368 | 1 Redhat | 1 Certificate System | 2025-04-09 | N/A |
| Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. | ||||
| CVE-2009-2084 | 1 Llnl | 1 Slurm | 2025-04-09 | N/A |
| Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges. | ||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2025-04-09 | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | ||||
| CVE-2008-1543 | 1 Airspan | 7 Easy St, Easy St-2, Prost and 4 more | 2025-04-09 | N/A |
| The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262. | ||||
| CVE-2009-1000 | 1 Oracle | 1 E-business Suite | 2025-04-09 | N/A |
| The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors. | ||||
| CVE-2010-0229 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | ||||
| CVE-2010-0227 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | ||||
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2008-0996 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. | ||||
| CVE-2008-4296 | 1 Cisco | 1 Linksys Wrt350n | 2025-04-09 | N/A |
| The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-1542 | 1 Airspan | 1 Base Station Distribution Unit | 2025-04-09 | N/A |
| Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262. | ||||
| CVE-2007-6340 | 1 Moernaut | 2 Lsrunase, Supercrypt | 2025-04-09 | N/A |
| Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords. | ||||
| CVE-2008-1396 | 1 Plone | 1 Plone Cms | 2025-04-09 | N/A |
| Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network. | ||||