Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1439 | 1 Silc | 1 Secure Internet Live Conferencing | 2025-04-03 | 4.3 MEDIUM | N/A |
| Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information. | |||||
| CVE-2002-2389 | 1 Fastlink Software | 1 The Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. | |||||
| CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2025-04-03 | 5.0 MEDIUM | N/A |
| The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | |||||
| CVE-2006-3203 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 10.0 HIGH | N/A |
| The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges. | |||||
| CVE-1999-0387 | 1 Microsoft | 2 Windows 95, Windows 98 | 2025-04-03 | 7.8 HIGH | N/A |
| A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. | |||||
| CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2025-04-03 | 2.1 LOW | N/A |
| NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | |||||
| CVE-2002-2412 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.1 LOW | N/A |
| Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | |||||
| CVE-2003-1417 | 1 Ncipher | 1 Support Software | 2025-04-03 | 4.4 MEDIUM | N/A |
| nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files. | |||||
| CVE-2003-1483 | 1 Flashfxp | 1 Flashfxp | 2025-04-03 | 6.4 MEDIUM | N/A |
| FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access. | |||||
| CVE-2005-2666 | 1 Openbsd | 1 Openssh | 2025-04-03 | 1.2 LOW | N/A |
| SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | |||||
| CVE-2002-2355 | 1 Netgear | 1 Fm114p | 2025-04-03 | 7.1 HIGH | N/A |
| Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. | |||||
| CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 10.0 HIGH | N/A |
| Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | |||||
| CVE-1999-0994 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. | |||||
| CVE-2006-4068 | 1 Pswd.js | 1 Pswd.js | 2025-04-03 | 5.0 MEDIUM | N/A |
| The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher. | |||||
| CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2025-04-03 | 5.0 MEDIUM | N/A |
| ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | |||||
| CVE-1999-1214 | 5 Bsd, Freebsd, Netbsd and 2 more | 5 Bsd, Freebsd, Netbsd and 2 more | 2025-04-03 | 2.1 LOW | N/A |
| The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||||
| CVE-2002-2301 | 1 Lawson Software | 1 Lawson Financials | 2025-04-03 | 3.3 LOW | N/A |
| Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database. | |||||
| CVE-2025-2555 | 2025-03-20 | 1.2 LOW | 2.9 LOW | ||
| A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers. | |||||
| CVE-2021-37000 | 1 Huawei | 1 Harmonyos | 2025-03-18 | N/A | 7.7 HIGH |
| Some Huawei wearables have a permission management vulnerability. | |||||
| CVE-2025-2355 | 2025-03-17 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||