Total
2470 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-3009 | 1 Ruby-lang | 1 Ruby | 2017-08-28 | 5.0 MEDIUM | N/A |
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. | |||||
CVE-2011-2483 | 2 Php, Solar Designer | 2 Php, Crypt Blowfish | 2017-08-28 | 5.0 MEDIUM | N/A |
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. | |||||
CVE-2011-2151 | 1 Smartertools | 1 Smarterstats | 2017-08-28 | 5.0 MEDIUM | N/A |
The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2011-2142 | 1 Ibm | 1 Datacap Taskmaster Capture | 2017-08-28 | 5.0 MEDIUM | N/A |
The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors. | |||||
CVE-2011-1673 | 1 Netgear | 2 Prosafe Wnap210, Prosafe Wnap210 Firmware | 2017-08-16 | 5.0 MEDIUM | N/A |
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. | |||||
CVE-2011-1433 | 1 Otrs | 1 Otrs | 2017-08-16 | 5.0 MEDIUM | N/A |
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields. | |||||
CVE-2011-1209 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 4.3 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | |||||
CVE-2010-4184 | 1 Netsupportsoftware | 1 Netsupport Manager | 2017-08-16 | 5.0 MEDIUM | N/A |
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | |||||
CVE-2010-3618 | 1 Pgp | 2 Desktop For Mac, Desktop For Windows | 2017-08-16 | 4.3 MEDIUM | N/A |
PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue. | |||||
CVE-2011-0724 | 1 Ubuntu | 2 Edubuntu, Live Dvd | 2017-08-16 | 9.3 HIGH | N/A |
The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges. | |||||
CVE-2011-0436 | 1 Gplhost | 1 Domain Technologie Control | 2017-08-16 | 5.0 MEDIUM | N/A |
The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2011-0410 | 1 Collabnet | 1 Scrumworks | 2017-08-16 | 5.0 MEDIUM | N/A |
CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database. | |||||
CVE-2011-0002 | 1 Miloslav Trmac | 1 Libuser | 2017-08-16 | 6.4 MEDIUM | N/A |
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | |||||
CVE-2010-4626 | 1 Mybb | 1 Mybb | 2017-08-16 | 5.1 MEDIUM | N/A |
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. | |||||
CVE-2010-4506 | 1 Oracle | 1 Passlogix V-go Self-service Password Reset And Oem | 2017-08-16 | 6.2 MEDIUM | N/A |
Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard. | |||||
CVE-2010-2468 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2017-08-16 | 10.0 HIGH | N/A |
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. | |||||
CVE-2010-2637 | 1 Ibm | 1 Websphere Mq | 2017-08-16 | 4.3 MEDIUM | N/A |
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | |||||
CVE-2010-2072 | 1 Radovan Garabik | 1 Pyftpd | 2017-08-16 | 3.6 LOW | N/A |
Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information. | |||||
CVE-2010-1651 | 1 Ibm | 2 Websphere Application Server, Z/os | 2017-08-16 | 1.9 LOW | N/A |
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. | |||||
CVE-2010-1650 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 1.9 LOW | N/A |
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. |