Search Results (782 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0994 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
CVE-2004-2532 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
CVE-2004-2696 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
CVE-2003-1439 1 Silc 1 Secure Internet Live Conferencing 2026-04-16 N/A
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
CVE-2006-3203 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.
CVE-2005-4862 1 Xwiki 1 Xwiki 2026-04-16 N/A
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
CVE-2004-2723 1 Nessus 1 Nessuswx 2026-04-16 N/A
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
CVE-2003-1483 1 Flashfxp 1 Flashfxp 2026-04-16 N/A
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
CVE-2002-2355 1 Netgear 1 Fm114p 2026-04-16 N/A
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
CVE-2003-1417 1 Ncipher 1 Support Software 2026-04-16 N/A
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
CVE-2003-1376 1 Winzip 1 Winzip 2026-04-16 N/A
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
CVE-2003-1401 1 Php Board 1 Php Board 2026-04-16 N/A
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2005-2666 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-16 N/A
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
CVE-1999-1214 5 Bsd, Freebsd, Netbsd and 2 more 5 Bsd, Freebsd, Netbsd and 2 more 2026-04-16 N/A
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
CVE-2002-2290 1 Mambo 1 Mambo Site Server 2026-04-16 N/A
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
CVE-2002-2301 1 Lawson Software 1 Lawson Financials 2026-04-16 N/A
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.
CVE-2002-2310 1 Kryptronic 1 Clickcartpro 2026-04-16 N/A
ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
CVE-2002-2384 1 Hotfoon Corporation 1 Hotfoon 2026-04-16 N/A
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.
CVE-2002-2389 1 Fastlink Software 1 The Server 2026-04-16 N/A
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
CVE-2002-2412 1 Nullsoft 1 Winamp 2026-04-16 N/A
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.