Search Results (4594 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-24311 1 Sap Se 1 Sap Customer Checkout 2.0 2026-04-16 5.6 Medium
The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes could affect system behaviour during startup, resulting in a high impact on the application's confidentiality and integrity, with a low impact on availability.
CVE-2001-1537 1 Symfony 1 Twig 2026-04-16 7.5 High
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
CVE-2006-1056 3 Freebsd, Linux, Redhat 3 Freebsd, Linux Kernel, Enterprise Linux 2026-04-16 N/A
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.
CVE-2006-4339 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Network Satellite and 1 more 2026-04-16 N/A
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
CVE-2005-2209 1 Capturix 1 Scanshare 2026-04-16 5.5 Medium
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
CVE-2005-0844 1 Nortel 1 Contivity 2026-04-16 N/A
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.
CVE-2005-2069 3 Openldap, Padl, Redhat 4 Openldap, Nss Ldap, Pam Ldap and 1 more 2026-04-16 N/A
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
CVE-2003-0512 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
CVE-2002-1800 1 Phprank 1 Phprank 2026-04-16 7.5 High
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
CVE-2001-0103 1 Coffeecup Software 2 Coffeecup Direct Ftp, Coffeecup Free Ftp 2026-04-16 N/A
CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords.
CVE-2004-2397 1 Broadcom 1 Bluecoat Security Gateway 2026-04-16 7.5 High
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
CVE-2003-1483 1 Flashfxp 1 Flashfxp 2026-04-16 N/A
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
CVE-2001-1536 1 Audiogalaxy 1 Audiogalaxy 2026-04-16 7.5 High
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
CVE-2005-2160 1 Ipswitch 1 Imail 2026-04-16 7.5 High
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
CVE-2002-2303 1 3d3.com 1 Shopfactory 2026-04-16 N/A
3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.
CVE-2002-1949 1 Iomega 2 Nas A300u, Nas A300u Firmware 2026-04-16 7.5 High
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
CVE-2003-1389 1 Research Triangle Software 1 Cryptobuddy 2026-04-16 N/A
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
CVE-2005-4066 1 Christian Ghisler 1 Total Commander 2026-04-16 N/A
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.
CVE-2002-1696 2 Microsoft, Pgp 2 Outlook, Personal Privacy 2026-04-16 5.5 Medium
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
CVE-2004-2721 1 Heiko Stamer 1 Openskat 2026-04-16 N/A
The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages.