Total
755 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6588 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2024-08-07 | N/A |
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. | ||||
CVE-2008-6577 | 1 Nortel | 1 Cs1000 | 2024-08-07 | N/A |
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges. | ||||
CVE-2008-6473 | 1 Blogator-script | 1 Blogator-script | 2024-08-07 | N/A |
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter. | ||||
CVE-2008-6232 | 1 Preprojects | 1 Pre Shopping Mall | 2024-08-07 | N/A |
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||||
CVE-2008-6231 | 1 Preprojects | 1 Pre Classified Listings | 2024-08-07 | N/A |
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||||
CVE-2008-6228 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2024-08-07 | N/A |
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||||
CVE-2008-6191 | 1 Intrinsic | 1 Swimage Encore | 2024-08-07 | N/A |
Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries. | ||||
CVE-2008-5871 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2024-08-07 | N/A |
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | ||||
CVE-2008-5847 | 1 Constructr | 1 Constructr-cms | 2024-08-07 | N/A |
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column. | ||||
CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2024-08-07 | N/A |
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | ||||
CVE-2008-5696 | 1 Novell | 1 Netware | 2024-08-07 | N/A |
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations. | ||||
CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2024-08-07 | N/A |
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | ||||
CVE-2008-5327 | 1 Ibm | 1 Rational Clearquest | 2024-08-07 | N/A |
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree. | ||||
CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2024-08-07 | N/A |
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | ||||
CVE-2008-5184 | 1 Apple | 1 Cups | 2024-08-07 | N/A |
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | ||||
CVE-2008-5188 | 2 Ecryptfs, Redhat | 2 Ecryptfs Utils, Enterprise Linux | 2024-08-07 | N/A |
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | ||||
CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2024-08-07 | N/A |
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | ||||
CVE-2008-5104 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2024-08-07 | N/A |
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. | ||||
CVE-2008-4874 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2024-08-07 | N/A |
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. | ||||
CVE-2008-4807 | 1 Ibm | 1 Lotus Connections | 2024-08-07 | N/A |
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |