Total
736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2766 | 1 Backup Manager | 1 Backup Manager | 2017-07-28 | 7.2 HIGH | N/A |
lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh. | |||||
CVE-2007-1068 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2017-07-28 | 7.2 HIGH | N/A |
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423. | |||||
CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2017-07-28 | 10.0 HIGH | N/A |
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | |||||
CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2017-07-28 | 2.1 LOW | N/A |
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | |||||
CVE-2004-2722 | 1 Nessus | 1 Nessus | 2017-07-28 | 2.1 LOW | N/A |
** DISPUTED ** Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue. | |||||
CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2017-07-28 | 5.5 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. | |||||
CVE-2003-1483 | 1 Flashfxp | 1 Flashfxp | 2017-07-28 | 6.4 MEDIUM | N/A |
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access. | |||||
CVE-2003-1424 | 1 Petitforum | 1 Petitforum | 2017-07-28 | 6.8 MEDIUM | N/A |
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie. | |||||
CVE-2003-1417 | 1 Ncipher | 1 Support Software | 2017-07-28 | 4.4 MEDIUM | N/A |
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files. | |||||
CVE-2003-1401 | 1 Php Board | 1 Php Board | 2017-07-28 | 5.8 MEDIUM | N/A |
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
CVE-2003-1394 | 1 Coffeecup Software | 1 Coffeecup Password Wizard | 2017-07-28 | 5.0 MEDIUM | N/A |
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file. | |||||
CVE-2003-1376 | 1 Winzip | 1 Winzip | 2017-07-28 | 4.6 MEDIUM | N/A |
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. | |||||
CVE-2002-2301 | 1 Lawson Software | 1 Lawson Financials | 2017-07-28 | 3.3 LOW | N/A |
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database. | |||||
CVE-2016-9479 | 1 B2evolution | 1 B2evolution | 2017-07-27 | 5.0 MEDIUM | 7.5 HIGH |
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | |||||
CVE-2016-8962 | 1 Ibm | 1 Bigfix Inventory | 2017-07-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851. | |||||
CVE-2004-1366 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2017-07-10 | 4.6 MEDIUM | N/A |
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. | |||||
CVE-2016-5411 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2017-07-05 | 10.0 HIGH | 9.8 CRITICAL |
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. | |||||
CVE-2016-7062 | 1 Redhat | 2 Storage Console, Storage Console Node | 2017-07-05 | 2.1 LOW | 7.8 HIGH |
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. | |||||
CVE-2016-6093 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2017-06-13 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
CVE-2015-0924 | 1 Ceragon | 3 Fiberair Ip-10c, Fiberair Ip-10e, Fiberair Ip-10g | 2017-05-26 | 7.8 HIGH | N/A |
Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. |