Total
774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2025-04-09 | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | ||||
| CVE-2009-0170 | 1 Sun | 1 Java System Access Manager | 2025-04-09 | N/A |
| Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. | ||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | ||||
| CVE-2008-5871 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2025-04-09 | N/A |
| Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | ||||
| CVE-2009-2271 | 1 Huawei | 1 D100 | 2025-04-09 | N/A |
| The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access. | ||||
| CVE-2009-2317 | 1 Axesstel | 1 Mv 410r | 2025-04-09 | N/A |
| The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2007-5579 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | N/A |
| login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter. | ||||
| CVE-2009-2374 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache. | ||||
| CVE-2009-2429 | 1 Mcafee | 1 Smartfilter | 2025-04-09 | N/A |
| SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2508 | 1 Microsoft | 2 Windows Server 2003, Windows Server 2008 | 2025-04-09 | N/A |
| The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability." | ||||
| CVE-2008-7050 | 1 Wowraidmanager | 1 Wowraidmanager | 2025-04-09 | N/A |
| The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password. | ||||
| CVE-2009-0216 | 1 Ge Fanuc | 1 Ifix | 2025-04-09 | N/A |
| GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. | ||||
| CVE-2007-4994 | 1 Redhat | 2 Certificate Server, Certificate System | 2025-04-09 | N/A |
| Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL. | ||||
| CVE-2009-1745 | 1 Armorlogic | 1 Profense Web Application Firewall | 2025-04-09 | N/A |
| Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2009-0503 | 1 Ibm | 1 Websphere Message Broker | 2025-04-09 | N/A |
| IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | ||||
| CVE-2009-0616 | 1 Cisco | 1 Application Networking Manager | 2025-04-09 | N/A |
| Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." | ||||
| CVE-2009-0620 | 1 Cisco | 2 Application Control Engine Module, Catalyst | 2025-04-09 | N/A |
| Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access. | ||||
| CVE-2009-0632 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | N/A |
| The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. | ||||
| CVE-2009-0644 | 1 Swannsecurity | 1 Dvr4-securanet | 2025-04-09 | N/A |
| The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access. | ||||
| CVE-2008-1880 | 2 Firebird, Gentoo | 2 Firebird, Linux | 2025-04-09 | N/A |
| The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. | ||||