Search Results (2330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7050 1 Wowraidmanager 1 Wowraidmanager 2026-04-23 N/A
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.
CVE-2010-0229 1 Verbatim 1 Corporate Secure 2026-04-23 N/A
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.
CVE-2007-6267 1 Citrix 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server 2026-04-23 N/A
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
CVE-2009-0054 1 Cisco 2 Ironport Encryption Appliance, Ironport Postx 2026-04-23 N/A
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.
CVE-2009-0216 1 Ge Fanuc 1 Ifix 2026-04-23 N/A
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.
CVE-2009-2317 1 Axesstel 1 Mv 410r 2026-04-23 N/A
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
CVE-2009-2435 1 Ibm 1 Lotus Instant Messaging And Web Conferencing 2026-04-23 N/A
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2008-5104 2 Dcgrendel, Ubuntu 2 Vmbuilder, Ubuntu Linux 2026-04-23 N/A
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions.
CVE-2007-6260 1 Oracle 1 Database Server 2026-04-23 N/A
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
CVE-2009-1273 1 Andrew J.korty 1 Pam Ssh 2026-04-23 N/A
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
CVE-2009-3548 1 Apache 1 Tomcat 2026-04-23 N/A
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
CVE-2007-5579 1 Pligg 1 Pligg Cms 2026-04-23 N/A
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
CVE-2007-6661 1 2z Project 1 2z Project 2026-04-23 N/A
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
CVE-2008-3059 1 Octeth 1 Oempro 2026-04-23 N/A
member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab.
CVE-2009-2829 1 Apple 1 Mac Os X Server 2026-04-23 N/A
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue.
CVE-2007-0057 1 Cisco 1 Network Admission Control Manager And Server System Software 2026-04-23 N/A
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.
CVE-2008-1218 1 Dovecot 1 Dovecot 2026-04-23 N/A
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
CVE-2009-2271 1 Huawei 1 D100 2026-04-23 N/A
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.
CVE-2008-5184 1 Apple 1 Cups 2026-04-23 N/A
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
CVE-2008-0996 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.