Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3180 1 Anantasoft 1 Gazelle Cms 2026-04-23 N/A
Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php.
CVE-2008-5326 2 Ibm, Microsoft 2 Rational Clearquest, Windows 2026-04-23 N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
CVE-2009-0054 1 Cisco 2 Ironport Encryption Appliance, Ironport Postx 2026-04-23 N/A
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.
CVE-2007-5063 1 Adam Scheinberg 1 Flip 2026-04-23 N/A
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.
CVE-2007-3978 1 Bwired 1 Bwired 2026-04-23 N/A
Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2009-4096 1 Scriptlerim 1 Radio Isetek Scripti 2026-04-23 N/A
RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc.
CVE-2010-0227 1 Verbatim 1 Corporate Secure 2026-04-23 N/A
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
CVE-2009-3710 1 Riorey 1 Rios 2026-04-23 N/A
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.
CVE-2009-2945 1 Stanford 1 Webauth 2026-04-23 N/A
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
CVE-2009-2829 1 Apple 1 Mac Os X Server 2026-04-23 N/A
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.
CVE-2009-2192 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
CVE-2009-2087 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.
CVE-2009-0644 1 Swannsecurity 1 Dvr4-securanet 2026-04-23 N/A
The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access.
CVE-2008-1543 1 Airspan 7 Easy St, Easy St-2, Prost and 4 more 2026-04-23 N/A
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
CVE-2008-6191 1 Intrinsic 1 Swimage Encore 2026-04-23 N/A
Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2008-4292 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.
CVE-2009-2374 1 Drupal 1 Drupal 2026-04-23 N/A
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
CVE-2008-1542 1 Airspan 1 Base Station Distribution Unit 2026-04-23 N/A
Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
CVE-2008-4874 1 Philips Electronics 1 Voip841 Dect Phone 2026-04-23 N/A
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
CVE-2008-1970 1 Mucommander 1 Mucommander 2026-04-23 N/A
muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.