Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6231 1 Preprojects 1 Pre Classified Listings 2026-04-23 N/A
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2008-6232 1 Preprojects 1 Pre Shopping Mall 2026-04-23 N/A
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
CVE-2007-6329 1 Microsoft 1 Office 2026-04-23 N/A
Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
CVE-2009-0013 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
CVE-2007-6260 1 Oracle 1 Database Server 2026-04-23 N/A
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
CVE-2007-5579 1 Pligg 1 Pligg Cms 2026-04-23 N/A
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
CVE-2007-3061 1 Cactusoft 1 Cactushop 2026-04-23 N/A
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
CVE-2009-0656 1 Asus 1 Smartlogon 2026-04-23 N/A
Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.
CVE-2009-0644 1 Swannsecurity 1 Dvr4-securanet 2026-04-23 N/A
The HTTP interface in Swann DVR4-SecuraNet has a certain default administrative username and password, which makes it easier for remote attackers to obtain privileged access.
CVE-2009-0503 1 Ibm 1 Websphere Message Broker 2026-04-23 N/A
IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.
CVE-2007-4960 1 Linden Lab 1 Second Life 2026-04-23 N/A
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.
CVE-2007-6340 1 Moernaut 2 Lsrunase, Supercrypt 2026-04-23 N/A
Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.
CVE-2009-0054 1 Cisco 2 Ironport Encryption Appliance, Ironport Postx 2026-04-23 N/A
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.
CVE-2008-5847 1 Constructr 1 Constructr-cms 2026-04-23 N/A
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
CVE-2008-4646 1 Websense 1 Enterpise 2026-04-23 N/A
The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.
CVE-2006-6239 1 Mailenable 2 Netwebadmin Enterprise, Netwebadmin Professional 2026-04-23 N/A
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.
CVE-2009-4188 1 Hp 1 Operations Dashboard 2026-04-23 N/A
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.
CVE-2008-2857 1 Alstrasoft 1 Askme 2026-04-23 N/A
AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-1970 1 Mucommander 1 Mucommander 2026-04-23 N/A
muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.
CVE-2008-5871 1 Nortel 1 Multimedia Communication Server 5100 2026-04-23 N/A
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.