Total
569 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2024-08-08 | 5.5 Medium |
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | ||||
CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2024-08-08 | 7.5 High |
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | ||||
CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2024-08-07 | 5.5 Medium |
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | ||||
CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2024-08-07 | 7.5 High |
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | ||||
CVE-2005-1828 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2024-08-07 | 7.5 High |
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | ||||
CVE-2007-5778 | 1 Flexispy | 1 Mobile Spy | 2024-08-07 | 7.5 High |
Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | ||||
CVE-2008-7272 | 1 Getfiregpg | 1 Firegpg | 2024-08-07 | 7.5 High |
FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key. | ||||
CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2024-08-07 | 7.8 High |
Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | ||||
CVE-2008-6157 | 1 Sepcity | 1 Classified Ads | 2024-08-07 | 7.5 High |
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | ||||
CVE-2008-1567 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2024-08-07 | 5.5 Medium |
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. | ||||
CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2024-08-07 | 9.8 Critical |
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | ||||
CVE-2009-5068 | 1 Simplemachines | 1 Simple Machines Forum | 2024-08-07 | 7.2 High |
There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords. | ||||
CVE-2009-2272 | 1 Huawei | 2 D100, D100 Firmware | 2024-08-07 | 7.5 High |
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors. | ||||
CVE-2009-1603 | 2 Fedoraproject, Opensc-project | 2 Fedora, Opensc | 2024-08-07 | 7.5 High |
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | ||||
CVE-2009-1466 | 1 Klinzmann | 1 Application Access Server | 2024-08-07 | 5.5 Medium |
Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | ||||
CVE-2009-0964 | 1 Xlinesoft | 1 Phprunner | 2024-08-07 | 7.5 High |
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | ||||
CVE-2009-0152 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | 7.5 High |
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2010-3282 | 3 Fedoraproject, Hp, Redhat | 4 389 Directory Server, Hp-ux Directory Server, Directory Server and 1 more | 2024-08-07 | 3.3 Low |
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | ||||
CVE-2010-0225 | 1 Sandisk | 2 Cruzer Enterprise, Cruzer Enterprise Firmware | 2024-08-07 | N/A |
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. | ||||
CVE-2011-5247 | 1 Prophecyinternational | 1 Snare | 2024-08-07 | 7.5 High |
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword. |