Search Results (4416 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2160 1 Ipswitch 1 Imail 2025-04-03 7.5 High
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
CVE-2005-2209 1 Capturix 1 Scanshare 2025-04-03 5.5 Medium
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
CVE-2005-0844 1 Nortel 1 Contivity 2025-04-03 N/A
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.
CVE-2005-2069 3 Openldap, Padl, Redhat 4 Openldap, Nss Ldap, Pam Ldap and 1 more 2025-04-03 N/A
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
CVE-2001-1537 1 Symfony 1 Twig 2025-04-03 7.5 High
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
CVE-2001-0103 1 Coffeecup Software 2 Coffeecup Direct Ftp, Coffeecup Free Ftp 2025-04-03 N/A
CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords.
CVE-2003-1389 1 Research Triangle Software 1 Cryptobuddy 2025-04-03 N/A
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
CVE-2003-1344 1 Trend Micro 1 Virus Control System 2025-04-03 N/A
Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files.
CVE-2006-0591 2 Redhat, Solar Designer 2 Enterprise Linux, Crypt Blowfish 2025-04-03 N/A
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
CVE-2005-1828 1 Dlink 2 Dsl-504t, Dsl-504t Firmware 2025-04-03 7.5 High
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
CVE-2002-1800 1 Phprank 1 Phprank 2025-04-03 7.5 High
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
CVE-2005-3140 1 Procom 2 Netforce 800, Netforce 800 Firmware 2025-04-03 7.5 High
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.
CVE-2006-0270 1 Oracle 1 Database Server 2025-04-03 N/A
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.
CVE-2004-2703 1 Clearswift 4 Mailsweeper Business Suite I, Mailsweeper Business Suite Ii, Mailsweeper For Smtp and 1 more 2025-04-03 N/A
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
CVE-2004-2397 1 Broadcom 1 Bluecoat Security Gateway 2025-04-03 7.5 High
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
CVE-2003-1447 1 Ibm 1 Websphere Application Server 2025-04-03 N/A
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
CVE-2006-1056 3 Freebsd, Linux, Redhat 3 Freebsd, Linux Kernel, Enterprise Linux 2025-04-03 N/A
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
CVE-2005-4066 1 Christian Ghisler 1 Total Commander 2025-04-03 N/A
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.
CVE-2001-1473 1 Ssh 1 Ssh 2025-04-03 N/A
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
CVE-2000-0589 1 Sawmill 1 Sawmill 2025-04-03 N/A
SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.