Search Results (4598 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3663 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-23 N/A
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2009-1560 1 Cisco 1 Wvc54gc 2026-04-23 N/A
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code.
CVE-2007-5626 1 Bacula 1 Bacula 2026-04-23 5.5 Medium
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
CVE-2008-1431 1 Raidsonic Technology 2 Firmware, Nas-4220-b 2026-04-23 N/A
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.
CVE-2007-4960 1 Linden Lab 1 Second Life 2026-04-23 N/A
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.
CVE-2008-4390 1 Cisco 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware 2026-04-23 7.5 High
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.
CVE-2007-4961 1 Lindenlab 1 Second Life 2026-04-23 7.5 High
The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.
CVE-2008-5100 1 Microsoft 1 .net Framework 2026-04-23 N/A
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
CVE-2008-1527 1 Zyxel 3 Prestige 660, Prestige 661, Zynos 2026-04-23 N/A
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack.
CVE-2007-4928 1 Axis 1 207w Network Camera 2026-04-23 N/A
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
CVE-2008-6157 1 Sepcity 1 Classified Ads 2026-04-23 7.5 High
SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-2285 1 Ubuntu 1 Linux 2026-04-23 N/A
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
CVE-2009-1174 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.
CVE-2008-1383 1 Gentoo 1 Linux 2026-04-23 N/A
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
CVE-2009-2417 3 Curl, Libcurl, Redhat 3 Libcurl, Libcurl, Enterprise Linux 2026-04-23 N/A
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2007-6521 1 Opera 1 Opera Browser 2026-04-23 N/A
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
CVE-2009-2510 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2026-04-23 N/A
The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
CVE-2009-0346 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection.
CVE-2007-5024 1 Emc 1 Vmware Server 2026-04-23 N/A
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.
CVE-2008-5331 1 Adobe 1 Acrobat 2026-04-23 N/A
Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.