Total
2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-2780 | 1 Albinoloverats | 1 Anubis Plugin | 2024-08-07 | N/A |
The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file. | ||||
CVE-2008-2558 | 1 Cre Loaded | 1 Cre Loaded | 2024-08-07 | N/A |
CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP. | ||||
CVE-2008-2285 | 1 Ubuntu | 1 Linux | 2024-08-07 | N/A |
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool. | ||||
CVE-2008-2299 | 2 Citrix, Microsoft | 4 Access Essentials, Desktop Server, Presentation Server and 1 more | 2024-08-07 | N/A |
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. | ||||
CVE-2008-2235 | 2 Opensc-project, Siemens | 2 Opensc, Cardos | 2024-08-07 | N/A |
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. | ||||
CVE-2008-1886 | 1 Cdnetworks | 1 Download Client | 2024-08-07 | N/A |
The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control. | ||||
CVE-2008-1754 | 1 Symantec | 1 Altiris Deployment Solution | 2024-08-07 | N/A |
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | ||||
CVE-2008-1772 | 1 Iscripts | 1 Socialware | 2024-08-07 | N/A |
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | ||||
CVE-2008-1711 | 1 Terong | 1 Advanced Web Photo Gallery | 2024-08-07 | N/A |
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
CVE-2008-1431 | 1 Raidsonic Technology | 2 Firmware, Nas-4220-b | 2024-08-07 | N/A |
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. | ||||
CVE-2008-1527 | 1 Zyxel | 3 Prestige 660, Prestige 661, Zynos | 2024-08-07 | N/A |
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack. | ||||
CVE-2008-1383 | 1 Gentoo | 1 Linux | 2024-08-07 | N/A |
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate. | ||||
CVE-2008-1263 | 1 Linksys | 1 Wrt54g | 2024-08-07 | N/A |
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | ||||
CVE-2008-0759 | 1 Group Logic | 2 Extremez-ip File Server, Extremez-ip Print Server | 2024-08-07 | N/A |
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548. | ||||
CVE-2009-5032 | 1 Ibm | 1 Lotus Notes Traveler | 2024-08-07 | N/A |
The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2009-4845 | 1 Toutvirtual | 1 Virtualiq | 2024-08-07 | N/A |
The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields. | ||||
CVE-2009-4655 | 1 Novell | 1 Edirectory | 2024-08-07 | N/A |
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | ||||
CVE-2009-4565 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2024-08-07 | N/A |
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
CVE-2009-4269 | 1 Apache | 1 Derby | 2024-08-07 | N/A |
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. | ||||
CVE-2009-4144 | 2 Gnome, Redhat | 2 Networkmanager, Enterprise Linux | 2024-08-07 | N/A |
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network. |