Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-255
Total 736 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4807 1 Ibm 1 Lotus Connections 2017-08-07 2.1 LOW N/A
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3249 1 Lenovo 1 Thinkvantage System Update 2017-08-07 5.1 MEDIUM N/A
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
CVE-2008-3059 1 Octeth 1 Oempro 2017-08-07 4.0 MEDIUM N/A
member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab.
CVE-2008-3067 1 Suse 1 Opensuse 2017-08-07 2.1 LOW N/A
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
CVE-2008-1880 2 Firebird, Gentoo 2 Firebird, Linux 2017-08-07 5.0 MEDIUM N/A
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
CVE-2008-1970 1 Mucommander 1 Mucommander 2017-08-07 2.1 LOW N/A
muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.
CVE-2008-1542 1 Airspan 1 Base Station Distribution Unit 2017-08-07 7.5 HIGH N/A
Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
CVE-2008-1543 1 Airspan 7 Easy St, Easy St-2, Prost and 4 more 2017-08-07 7.5 HIGH N/A
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
CVE-2008-2368 1 Redhat 1 Certificate System 2017-08-07 2.1 LOW N/A
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.
CVE-2008-2312 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 4.9 MEDIUM N/A
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
CVE-2008-0029 1 Cisco 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more 2017-08-07 10.0 HIGH N/A
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
CVE-2007-6267 1 Citrix 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server 2017-08-07 2.1 LOW N/A
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
CVE-2008-0535 2 Cisco, Icon-labs 2 Service Control Engine, Iconfidant Ssh 2017-08-07 7.8 HIGH N/A
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239.
CVE-2008-0996 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 1.7 LOW N/A
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
CVE-2008-1184 1 Dnssec-tools 1 Dnssec-tools 2017-08-07 5.0 MEDIUM N/A
The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.
CVE-2007-4594 1 Entrust 1 Entelligence Security Provider 2017-07-28 6.4 MEDIUM N/A
Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5905 1 Adobe 1 Coldfusion 2017-07-28 6.8 MEDIUM N/A
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
CVE-2007-5579 1 Pligg 1 Pligg Cms 2017-07-28 7.5 HIGH N/A
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
CVE-2007-5988 1 Bti-tracker 1 Bti-tracker 2017-07-28 7.5 HIGH N/A
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
CVE-2007-3275 1 Mailwasher 1 Mailwasher Server 2017-07-28 7.1 HIGH N/A
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.