Export limit exceeded: 352260 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (780 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2026-04-16 | N/A |
| The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | ||||
| CVE-2005-2666 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2026-04-16 | N/A |
| SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | ||||
| CVE-2004-2532 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | N/A |
| Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. | ||||
| CVE-1999-0994 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. | ||||
| CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2026-04-16 | N/A |
| NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | ||||
| CVE-1999-0755 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. | ||||
| CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2026-04-16 | N/A |
| Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | ||||
| CVE-2002-2301 | 1 Lawson Software | 1 Lawson Financials | 2026-04-16 | N/A |
| Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database. | ||||
| CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2026-04-16 | N/A |
| ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | ||||
| CVE-2002-2345 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | ||||
| CVE-2002-2355 | 1 Netgear | 1 Fm114p | 2026-04-16 | N/A |
| Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. | ||||
| CVE-2002-2384 | 1 Hotfoon Corporation | 1 Hotfoon | 2026-04-16 | N/A |
| hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. | ||||
| CVE-2002-2389 | 1 Fastlink Software | 1 The Server | 2026-04-16 | N/A |
| TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. | ||||
| CVE-2002-2412 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | ||||
| CVE-2004-2696 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. | ||||
| CVE-2004-2708 | 1 Phrozensmoke | 1 Gyach Enhanced | 2026-04-16 | N/A |
| Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file. | ||||
| CVE-2004-2722 | 1 Nessus | 1 Nessus | 2026-04-16 | N/A |
| Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue | ||||
| CVE-2003-1394 | 1 Coffeecup Software | 1 Coffeecup Password Wizard | 2026-04-16 | N/A |
| CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file. | ||||
| CVE-2004-1366 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2026-04-16 | N/A |
| Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges. | ||||
| CVE-2003-1376 | 1 Winzip | 1 Winzip | 2026-04-16 | N/A |
| WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. | ||||