Total: 725 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6473 | 1 Blogator-script | 1 Blogator-script | 2024-11-21 | 6.4 MEDIUM | N/A |
_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter. | |||||
CVE-2008-6232 | 1 Preprojects | 1 Pre Shopping Mall | 2024-11-21 | 7.5 HIGH | N/A |
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
CVE-2008-6231 | 1 Preprojects | 1 Pre Classified Listings | 2024-11-21 | 7.5 HIGH | N/A |
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
CVE-2008-6228 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2024-11-21 | 7.5 HIGH | N/A |
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
CVE-2008-6191 | 1 Intrinsic | 1 Swimage Encore | 2024-11-21 | 2.1 LOW | N/A |
Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
CVE-2008-5871 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2024-11-21 | 6.4 MEDIUM | N/A |
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | |||||
CVE-2008-5848 | 1 Advantech | 14 Adam-6015, Adam-6017, Adam-6018 and 11 more | 2024-11-21 | 10.0 HIGH | N/A |
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. | |||||
CVE-2008-5847 | 1 Constructr | 1 Constructr-cms | 2024-11-21 | 2.6 LOW | N/A |
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column. | |||||
CVE-2008-5696 | 1 Novell | 1 Netware | 2024-11-21 | 9.3 HIGH | N/A |
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations. | |||||
CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 2.1 LOW | N/A |
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
CVE-2008-5670 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 6.8 MEDIUM | N/A |
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. | |||||
CVE-2008-5327 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | 6.5 MEDIUM | N/A |
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree. | |||||
CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2024-11-21 | 4.4 MEDIUM | N/A |
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | |||||
CVE-2008-5188 | 1 Ecryptfs | 1 Ecryptfs Utils | 2024-11-21 | 7.2 HIGH | N/A |
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | |||||
CVE-2008-5184 | 1 Apple | 1 Cups | 2024-11-21 | 10.0 HIGH | N/A |
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | |||||
CVE-2008-5104 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | N/A |
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. | |||||
CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | N/A |
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | |||||
CVE-2008-4874 | 1 Philips Electronics | 1 Voip841 Dect Phone | 2024-11-21 | 5.0 MEDIUM | N/A |
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. | |||||
CVE-2008-4807 | 1 Ibm | 1 Lotus Connections | 2024-11-21 | 2.1 LOW | N/A |
IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-4677 | 1 Vim | 2 Netrw, Vim | 2024-11-21 | 4.3 MEDIUM | N/A |
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." |