Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0387 1 Microsoft 2 Windows 95, Windows 98 2026-04-16 N/A
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
CVE-2006-4068 1 Pswd.js 1 Pswd.js 2026-04-16 N/A
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher.
CVE-2003-1439 1 Silc 1 Secure Internet Live Conferencing 2026-04-16 N/A
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
CVE-2005-2666 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-16 N/A
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
CVE-2006-2481 1 Vmware 1 Esx 2026-04-16 N/A
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
CVE-2006-1002 1 Netgear 1 Wgt624 2026-04-16 N/A
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.
CVE-2003-1424 1 Petitforum 1 Petitforum 2026-04-16 N/A
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
CVE-2003-1394 1 Coffeecup Software 1 Coffeecup Password Wizard 2026-04-16 N/A
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
CVE-2005-4862 1 Xwiki 1 Xwiki 2026-04-16 N/A
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
CVE-2004-2723 1 Nessus 1 Nessuswx 2026-04-16 N/A
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
CVE-2004-2722 1 Nessus 1 Nessus 2026-04-16 N/A
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue
CVE-2004-2708 1 Phrozensmoke 1 Gyach Enhanced 2026-04-16 N/A
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
CVE-2004-2696 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
CVE-2004-2532 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
CVE-2003-1376 1 Winzip 1 Winzip 2026-04-16 N/A
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
CVE-2002-2412 1 Nullsoft 1 Winamp 2026-04-16 N/A
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
CVE-2002-2389 1 Fastlink Software 1 The Server 2026-04-16 N/A
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
CVE-2002-2384 1 Hotfoon Corporation 1 Hotfoon 2026-04-16 N/A
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.
CVE-2002-2355 1 Netgear 1 Fm114p 2026-04-16 N/A
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
CVE-2002-2345 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.