1001 matches found
CVE-2004-2400
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials...
CVE-2005-2395
Affected software: Mozilla Firefox 1.0.4 and 1.0.5. Vulnerability type / cause: Firefox may not select the strongest available HTTP authentication challenge as required by RFC2617, potentially causing credentials to be sent in plaintext even when an encrypted channel exists. Impact (as stated): c...
CVE-2005-1094
CVE-2005-1094 affects FTP Now 2.6.14, where usernames and passwords are stored in plaintext in sites.xml and are world-readable. This constitutes a local privilege escalation risk for any local user able to read that file. The description does not provide exploit details, affected versions beyond...
CVE-2005-1092
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges...
CVE-2005-1092
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable. This allows local users to access credentials and potentially gain privileges. No explicit exploit details or fixed version are provided in the connected documents; remediation is not spec...
CVE-2005-0604
lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials...
CVE-2004-1171
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are 1 manually entered by the user or 2 created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...
IBM DB2 Windows Permission Problems (#NISR05012005F)
NGSSoftware Insight Security Research Advisory Name: IBM DB2 Windows Permission Problems Systems Affected: DB2 8.1 Severity: High risk from local Vendor URL: http://www.ibm.com/ Author: Chris Anley chris at ngssoftware.com Relates to: http://www.ngssoftware.com/advisories/db2-02.txt Date of Publi...
CVE-2004-2400
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials...
CVE-2004-1171
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are 1 manually entered by the user or 2 created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...
CVE-2004-1171
KDE 3.2.x and 3.3.0–3.3.2 store saved credentials (entered by user or via SMB handler) in plaintext in the user’s .desktop file, which may be world-readable and allow local users to obtain usernames/passwords for remote resources (e.g., SMB shares). Affected components include KDE core libraries ...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges...
CVE-2002-1479
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php with world-readable permissions. This allows local users to modify databases as the Cacti user and potentially gain privileges. Affected product: Cacti (versions prior to 0.6.8). Root cause: credentials stored in p...
Trillian Pro 2.01 - Design Error
Trillian Pro 2.01 - Design Error Trillian Pro Design Error Vendor: Cerulean Studios Product: Trillian Pro Version: !-- var username; username='plaintextusernamehere'; var password; password='plaintextpasswordhere'; function submit document.getEl...
CVE-2003-1476
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access...
Planet WGSD-1020
Добрый день! Не знаю, может кто уже присылал... В свитчах Planet WGSD-1020 есть закладка. Пользователь superuser с паролем planet. В пользовательском интерфейсе он нигде не упоминается, но его видно в файле конфигурации кстати, несмотря на то, что файл конфигурации бинарный, имена и пароли там...
DWebPro 3.4.1 - Http.ini Plaintext Password Storage
DWebPro 3.4.1 - Http.ini Plaintext Password Storage source: https://www.securityfocus.com/bid/8438/info A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named...
CVE-2003-0329
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges...
CVE-2003-0342
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges...
CVE-2003-0329
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges...