Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4677 | 1 Vim | 2 Netrw, Vim | 2024-08-07 | N/A |
| autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." | ||||
| CVE-2008-4646 | 1 Websense | 1 Enterpise | 2024-08-07 | N/A |
| The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database. | ||||
| CVE-2008-4540 | 2 Htc, Microsoft | 2 Hermes, Windows Mobile | 2024-08-07 | N/A |
| Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access. | ||||
| CVE-2008-4292 | 1 Opera | 1 Opera Browser | 2024-08-07 | N/A |
| Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory. | ||||
| CVE-2008-4296 | 1 Cisco | 1 Linksys Wrt350n | 2024-08-07 | N/A |
| The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access. | ||||
| CVE-2008-3859 | 1 Davlin | 1 Thickbox Gallery | 2024-08-07 | N/A |
| Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php. | ||||
| CVE-2008-3840 | 1 Craftysyntax | 1 Crafty Syntax Live Help | 2024-08-07 | N/A |
| Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2008-3617 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. | ||||
| CVE-2008-3249 | 1 Lenovo | 1 Thinkvantage System Update | 2024-08-07 | N/A |
| The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. | ||||
| CVE-2008-3235 | 1 Ibm | 1 Websphere Application Server | 2024-08-07 | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | ||||
| CVE-2008-3067 | 1 Suse | 1 Opensuse | 2024-08-07 | N/A |
| sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits. | ||||
| CVE-2008-3059 | 1 Octeth | 1 Oempro | 2024-08-07 | N/A |
| member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab. | ||||
| CVE-2008-3009 | 1 Microsoft | 8 Windows 2000, Windows Media Format Runtime, Windows Media Player and 5 more | 2024-08-07 | N/A |
| Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." | ||||
| CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2024-08-07 | N/A |
| AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2008-2368 | 1 Redhat | 1 Certificate System | 2024-08-07 | N/A |
| Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files. | ||||
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2008-2279 | 1 Freelance Auction | 1 Freelance Auction Script | 2024-08-07 | N/A |
| Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table. | ||||
| CVE-2008-2291 | 1 Symantec | 1 Altiris Deployment Solution | 2024-08-07 | N/A |
| axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. | ||||
| CVE-2008-1970 | 1 Mucommander | 1 Mucommander | 2024-08-07 | N/A |
| muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials. | ||||
| CVE-2008-1880 | 2 Firebird, Gentoo | 2 Firebird, Linux | 2024-08-07 | N/A |
| The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. | ||||