Filtered by vendor
Subscriptions
Total
756 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-1002 | 1 Netgear | 1 Wgt624 | 2024-11-21 | N/A |
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. | ||||
CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A |
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | ||||
CVE-2005-2666 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-11-21 | N/A |
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | ||||
CVE-2004-2777 | 1 Gehealthcare | 1 Centricity Image Vault Firmware | 2024-11-21 | N/A |
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | ||||
CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2024-11-21 | N/A |
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | ||||
CVE-2004-2722 | 1 Nessus | 1 Nessus | 2024-11-21 | N/A |
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue | ||||
CVE-2004-2708 | 1 Phrozensmoke | 1 Gyach Enhanced | 2024-11-21 | N/A |
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file. | ||||
CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2024-11-21 | N/A |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. | ||||
CVE-2004-2532 | 1 Solarwinds | 1 Serv-u File Server | 2024-11-21 | N/A |
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. | ||||
CVE-2004-1366 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-11-21 | N/A |
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. | ||||
CVE-2003-1605 | 1 Haxx | 1 Curl | 2024-11-21 | N/A |
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. | ||||
CVE-2003-1603 | 1 Gehealthcare | 1 Discovery Vh | 2024-11-21 | N/A |
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. | ||||
CVE-2003-1588 | 1 Sun | 1 Cluster | 2024-11-21 | N/A |
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file. | ||||
CVE-2003-1483 | 1 Flashfxp | 1 Flashfxp | 2024-11-21 | N/A |
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access. | ||||
CVE-2003-1482 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2024-11-21 | N/A |
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access. | ||||
CVE-2003-1439 | 1 Silc | 1 Secure Internet Live Conferencing | 2024-11-21 | N/A |
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information. | ||||
CVE-2003-1424 | 1 Petitforum | 1 Petitforum | 2024-11-21 | N/A |
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie. | ||||
CVE-2003-1417 | 1 Ncipher | 1 Support Software | 2024-11-21 | N/A |
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files. | ||||
CVE-2003-1401 | 1 Php Board | 1 Php Board | 2024-11-21 | N/A |
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request. | ||||
CVE-2003-1394 | 1 Coffeecup Software | 1 Coffeecup Password Wizard | 2024-11-21 | N/A |
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file. |