Total
536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1466 | 1 Klinzmann | 1 Application Access Server | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2008-6157 | 1 Sepcity | 1 Classified Ads | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2009-1603 | 2 Fedoraproject, Opensc-project | 2 Fedora, Opensc | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | |||||
| CVE-2009-0964 | 1 Xlinesoft | 1 Phprunner | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | |||||
| CVE-2008-6828 | 1 Symantec | 1 Altiris Deployment Solution | 2024-02-28 | 4.3 MEDIUM | 7.8 HIGH |
| Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server. | |||||
| CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | |||||
| CVE-2007-5778 | 1 Flexispy | 1 Mobile Spy | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | |||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
| Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | |||||
| CVE-2005-1828 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2024-02-28 | 7.5 HIGH | 7.5 HIGH |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-2397 | 1 Broadcom | 1 Bluecoat Security Gateway | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | |||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2001-1481 | 1 Xitami | 1 Xitami | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. | |||||
| CVE-2001-1537 | 1 Symfony | 1 Twig | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | |||||
| CVE-2002-1696 | 2 Microsoft, Pgp | 2 Outlook, Personal Privacy | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. | |||||
| CVE-2002-1800 | 1 Phprank | 1 Phprank | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password. | |||||
| CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | |||||