CVE-2008-4540

Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access...

CVE-2008-4278

VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password...

CVE-2008-3972

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of...

CVE-2008-2314

CVE-2008-2314 affects Apple Mac OS X 10.5 before 10.5.4 where, if Exposé hot corners are enabled, a physically proximate attacker can access a locked session in sleep or screen saver mode without entering a password. This is a local access vulnerability, not clearly described as exploitable via a...

CVE-2008-1453

The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol SDP packets...

Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability because its implementation of the Bluetooth stack fails to adequately handle a flood of specially crafted SDP Service Discovery Protocol requests. To exploit this issue, an attacker must be within close physical...

Design/Logic Flaw

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the...