Total
2494 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5768 | 1 Globe7 | 1 Globe7 | 2025-04-09 | N/A |
| The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. | ||||
| CVE-2007-5790 | 1 Globe7 | 1 Globe7 | 2025-04-09 | N/A |
| The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. | ||||
| CVE-2008-1431 | 1 Raidsonic Technology | 2 Firmware, Nas-4220-b | 2025-04-09 | N/A |
| RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. | ||||
| CVE-2007-6635 | 1 Netbizcity | 1 Faqmasterflexplus | 2025-04-09 | N/A |
| FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access. | ||||
| CVE-2008-1886 | 1 Cdnetworks | 1 Download Client | 2025-04-09 | N/A |
| The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control. | ||||
| CVE-2008-0759 | 1 Group Logic | 2 Extremez-ip File Server, Extremez-ip Print Server | 2025-04-09 | N/A |
| ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548. | ||||
| CVE-2008-1263 | 1 Linksys | 1 Wrt54g | 2025-04-09 | N/A |
| The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. | ||||
| CVE-2008-1754 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | N/A |
| Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. | ||||
| CVE-2008-2285 | 1 Ubuntu | 1 Linux | 2025-04-09 | N/A |
| The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool. | ||||
| CVE-2008-2558 | 1 Cre Loaded | 1 Cre Loaded | 2025-04-09 | N/A |
| CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP. | ||||
| CVE-2008-7113 | 1 Kyoceramita | 1 Scanner File Utility | 2025-04-09 | N/A |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack. | ||||
| CVE-2008-6073 | 1 Magic2003 | 1 Storagecrypt | 2025-04-09 | N/A |
| StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3057 | 1 Octeth | 1 Oempro | 2025-04-09 | N/A |
| Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2008-3270 | 1 Redhat | 1 Enterprise Linux | 2025-04-09 | N/A |
| yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. | ||||
| CVE-2008-7023 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2025-04-09 | N/A |
| Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | ||||
| CVE-2008-3532 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-09 | N/A |
| The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | ||||
| CVE-2008-6193 | 1 Myblog | 1 Myblog | 2025-04-09 | N/A |
| Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2008-4368 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | ||||
| CVE-2008-5230 | 1 Cisco | 1 Ios | 2025-04-09 | N/A |
| The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng. | ||||
| CVE-2008-5328 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | N/A |
| The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process. | ||||