Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5871 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2025-04-09 | N/A |
| Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | ||||
| CVE-2009-0015 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." | ||||
| CVE-2009-4096 | 1 Scriptlerim | 1 Radio Isetek Scripti | 2025-04-09 | N/A |
| RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc. | ||||
| CVE-2008-1390 | 1 Asterisk | 5 Asterisk, Asterisk Appliance Developer Kit, Asterisk Business Edition and 2 more | 2025-04-09 | N/A |
| The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. | ||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2025-04-09 | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | ||||
| CVE-2010-0229 | 1 Verbatim | 1 Corporate Secure | 2025-04-09 | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | ||||
| CVE-2008-0724 | 1 The Everything Development Company | 1 The Everything Development Engine | 2025-04-09 | N/A |
| The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts. | ||||
| CVE-2010-0226 | 1 Sandisk | 1 Cruzer Enterprise Usb | 2025-04-09 | N/A |
| SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | ||||
| CVE-2007-4261 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | N/A |
| EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter. | ||||
| CVE-2010-0015 | 1 Gnu | 1 Glibc | 2025-04-09 | N/A |
| nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. | ||||
| CVE-2007-6414 | 1 Adultscript | 1 Adultscript | 2025-04-09 | N/A |
| admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php. | ||||
| CVE-2008-1184 | 1 Dnssec-tools | 1 Dnssec-tools | 2025-04-09 | N/A |
| The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks. | ||||
| CVE-2008-4296 | 1 Cisco | 1 Linksys Wrt350n | 2025-04-09 | N/A |
| The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-1393 | 1 Plone | 1 Plone Cms | 2025-04-09 | N/A |
| Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network. | ||||
| CVE-2007-6399 | 1 Myupb | 1 Flat Php Board | 2025-04-09 | N/A |
| index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | ||||
| CVE-2009-0216 | 1 Ge Fanuc | 1 Ifix | 2025-04-09 | N/A |
| GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. | ||||
| CVE-2008-3009 | 1 Microsoft | 8 Windows 2000, Windows Media Format Runtime, Windows Media Player and 5 more | 2025-04-09 | N/A |
| Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." | ||||
| CVE-2009-2374 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache. | ||||
| CVE-2008-3249 | 1 Lenovo | 1 Thinkvantage System Update | 2025-04-09 | N/A |
| The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. | ||||
| CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2025-04-09 | N/A |
| AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||