Search Results (2508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2312 1 Mcafee 1 Smartfilter 2026-04-23 N/A
SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.
CVE-2009-4302 1 Moodle 1 Moodle 2026-04-23 N/A
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.
CVE-2008-5100 1 Microsoft 1 .net Framework 2026-04-23 N/A
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
CVE-2009-0547 2 Evolution, Redhat 2 Evolution, Enterprise Linux 2026-04-23 N/A
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
CVE-2007-4750 1 Data-vision 1 Remotedocs R-viewer 2026-04-23 N/A
Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension.
CVE-2009-3624 1 Linux 2 Kernel, Linux Kernel 2026-04-23 N/A
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.
CVE-2008-3057 1 Octeth 1 Oempro 2026-04-23 N/A
Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2007-4926 1 Axis 1 207w Camera 2026-04-23 N/A
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
CVE-2007-5790 1 Globe7 1 Globe7 2026-04-23 N/A
The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.
CVE-2007-5638 1 Nortel 26 Business Communications Manager, Centrex Ip Client Manager, Centrex Ip Element Manager and 23 more 2026-04-23 N/A
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages.
CVE-2008-3288 1 Emc 1 Dantz Retrospect Backup Server 2026-04-23 N/A
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.
CVE-2008-5230 1 Cisco 1 Ios 2026-04-23 N/A
The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.
CVE-2009-2510 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2026-04-23 N/A
The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
CVE-2009-0209 1 Osisoft 1 Pi Server 2026-04-23 N/A
PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors.
CVE-2008-5328 1 Ibm 1 Rational Clearquest 2026-04-23 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.
CVE-2008-2285 1 Ubuntu 1 Linux 2026-04-23 N/A
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
CVE-2009-2976 1 Cisco 2 Aironet Ap1100, Aironet Ap1200 2026-04-23 N/A
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.
CVE-2007-4960 1 Linden Lab 1 Second Life 2026-04-23 N/A
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.
CVE-2009-4144 2 Gnome, Redhat 2 Networkmanager, Enterprise Linux 2026-04-23 N/A
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
CVE-2007-5701 1 Ibm 1 Lotus Domino 2026-04-23 N/A
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.