Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2008-2368 | 1 Redhat | 1 Certificate System | 2025-04-09 | N/A |
| Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. | ||||
| CVE-2008-2279 | 1 Freelance Auction | 1 Freelance Auction Script | 2025-04-09 | N/A |
| Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table. | ||||
| CVE-2007-6329 | 1 Microsoft | 1 Office | 2025-04-09 | N/A |
| Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container. | ||||
| CVE-2008-1394 | 1 Plone | 1 Plone Cms | 2025-04-09 | N/A |
| Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network. | ||||
| CVE-2003-1482 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2025-04-03 | N/A |
| The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access. | ||||
| CVE-2002-2301 | 1 Lawson Software | 1 Lawson Financials | 2025-04-03 | N/A |
| Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database. | ||||
| CVE-2004-1366 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | N/A |
| Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. | ||||
| CVE-2005-2666 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-03 | N/A |
| SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | ||||
| CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. | ||||
| CVE-1999-1214 | 5 Bsd, Freebsd, Netbsd and 2 more | 5 Bsd, Freebsd, Netbsd and 2 more | 2025-04-03 | N/A |
| The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | ||||
| CVE-2002-2384 | 1 Hotfoon Corporation | 1 Hotfoon | 2025-04-03 | N/A |
| hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. | ||||
| CVE-2003-1439 | 1 Silc | 1 Secure Internet Live Conferencing | 2025-04-03 | N/A |
| Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information. | ||||
| CVE-2004-2722 | 1 Nessus | 1 Nessus | 2025-04-03 | N/A |
| Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue | ||||
| CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | N/A |
| Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | ||||
| CVE-2004-2708 | 1 Phrozensmoke | 1 Gyach Enhanced | 2025-04-03 | N/A |
| Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file. | ||||
| CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2025-04-03 | N/A |
| ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | ||||
| CVE-2002-2345 | 1 Oracle | 1 Application Server | 2025-04-03 | N/A |
| Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | ||||
| CVE-2003-1376 | 1 Winzip | 1 Winzip | 2025-04-03 | N/A |
| WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. | ||||
| CVE-2003-1394 | 1 Coffeecup Software | 1 Coffeecup Password Wizard | 2025-04-03 | N/A |
| CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file. | ||||