8476 matches found
CVE-2005-0517
PeerFTP5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges...
CVE-2005-0521
SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges...
CVE-2005-0498
Gigafast router aka CompUSA router allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext...
CVE-2004-1497
Web Forums Server 1.6 and 2.0 Power Pack store passwords in plaintext in the Username.ini file, enabling local users to gain privileges. This indicates a local-privilege escalation risk due to insecure credential storage. The available sources describe the vulnerable component and impact but do n...
CVE-2004-1447
Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information...
CVE-2004-1447
Jetbox One 2.0.8 (and possibly other versions) stores passwords in the database in plaintext, exposing user credentials. Root cause: plaintext credential storage in the data store, enabling potential disclosure if the database is accessed. CVE-2004-1447 is described with a Medium base score (AV:N...
CVE-2005-0366
CVE-2005-0366 concerns OpenPGP/GnuPG where the integrity check feature, when decrypting a message encrypted with CF B mode, can allow a remote attacker to recover part of the plaintext through a chosen-ciphertext attack if the first two bytes of a message block are known and an oracle reveals whe...
CVE-2005-0366
The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback CFB mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is...
Cisco IDS Plaintext Telnet Service Detection
Binary data 2584.prm...
UW-IMAP CRAM-MD5 Remote Authentication Bypass
There is a flaw in the remote UW-IMAP server which allows an authenticated user to log into the server as any user. The flaw is in the CRAM-MD5 authentication theme. An attacker, exploiting this flaw, would only need to identify a vulnerable UW-IMAP server which had enabled the CRAM-MD5...
CVE-2004-1171
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are 1 manually entered by the user or 2 created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...
CVE-2004-1171
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are 1 manually entered by the user or 2 created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...
IBM DB2 Windows Permission Problems (#NISR05012005F)
NGSSoftware Insight Security Research Advisory Name: IBM DB2 Windows Permission Problems Systems Affected: DB2 8.1 Severity: High risk from local Vendor URL: http://www.ibm.com/ Author: Chris Anley chris at ngssoftware.com Relates to: http://www.ngssoftware.com/advisories/db2-02.txt Date of Publi...
CVE-2004-2722
Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue...
CVE-2004-2400
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials...
CVE-2004-2397
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates...
CVE-2004-1447
Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information...
CVE-2004-2578
phpGroupWare before 0.9.16.002 transmits the 1 header admin and 2 setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords...
CVE-2004-2708
Gyach Enhanced Gyach-E before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file...
CVE-2004-2172
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack...