Search Results (4547 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0152 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 7.5 High
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2007-5790 1 Globe7 1 Globe7 2026-04-23 N/A
The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.
CVE-2008-1567 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Opensuse and 1 more 2026-04-23 5.5 Medium
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
CVE-2007-4656 1 Backup Manager 1 Backup Manager 2026-04-23 N/A
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
CVE-2009-2749 1 Ibm 2 Communications Enabled Applications, Websphere Application Server 2026-04-23 N/A
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.
CVE-2008-6824 1 A-link 2 Wl54ap2, Wl54ap3 2026-04-23 N/A
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
CVE-2006-6674 1 Ozeki 1 Http-sms Gateway 2026-04-23 N/A
Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.
CVE-2008-5331 1 Adobe 1 Acrobat 2026-04-23 N/A
Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.
CVE-2008-2558 1 Cre Loaded 1 Cre Loaded 2026-04-23 N/A
CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP.
CVE-2008-6073 1 Magic2003 1 Storagecrypt 2026-04-23 N/A
StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6909 2 Drupal, Marc Ingram 2 Drupal, Services 2026-04-23 N/A
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.
CVE-2009-3936 1 Citrix 3 Online Plug-in For Mac, Online Plug-in For Windows, Receiver For Iphone 2026-04-23 N/A
Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.
CVE-2008-3270 1 Redhat 1 Enterprise Linux 2026-04-23 N/A
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested.
CVE-2009-3766 2 Mutt, Openssl 2 Mutt, Openssl 2026-04-23 N/A
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2008-3663 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2009-0964 1 Xlinesoft 1 Phprunner 2026-04-23 7.5 High
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
CVE-2008-2235 2 Opensc-project, Siemens 2 Opensc, Cardos 2026-04-23 N/A
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
CVE-2008-1711 1 Terong 1 Advanced Web Photo Gallery 2026-04-23 N/A
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2009-3942 1 Martin Lambers 1 Msmtp 2026-04-23 N/A
Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-3044 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.