Vulnerabilities (CVE)

Filtered by CWE-310
Total 2455 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2976 1 Cisco 2 Aironet Ap1100, Aironet Ap1200 2025-04-09 7.8 HIGH N/A
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.
CVE-2007-6635 1 Netbizcity 1 Faqmasterflexplus 2025-04-09 6.4 MEDIUM N/A
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access.
CVE-2009-2417 2 Curl, Libcurl 2 Libcurl, Libcurl 2025-04-09 7.5 HIGH N/A
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-4034 1 Postgresql 1 Postgresql 2025-04-09 5.8 MEDIUM N/A
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2008-7138 1 Eye.fi 1 Eye-fi Manager 2025-04-09 5.0 MEDIUM N/A
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.
CVE-2007-5373 1 Ldapscripts 1 Ldapscripts 2025-04-09 2.1 LOW N/A
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
CVE-2009-3024 1 Io-socket-ssl 1 Io-socket-ssl 2025-04-09 4.3 MEDIUM N/A
The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.
CVE-2008-3236 1 Ibm 1 Websphere Application Server 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted.
CVE-2007-5024 1 Emc 1 Vmware Server 2025-04-09 2.1 LOW N/A
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.
CVE-2009-3273 1 Apple 1 Iphone Os 2025-04-09 7.5 HIGH N/A
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
CVE-2008-5328 1 Ibm 1 Rational Clearquest 2025-04-09 4.6 MEDIUM N/A
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.
CVE-2008-6797 1 Mitel 1 Mitel Nupoint Messenger 2025-04-09 7.8 HIGH N/A
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2008-6993 1 Siemens 1 Gigaset Wlan Camera 2025-04-09 10.0 HIGH N/A
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3622 1 Wordpress 1 Wordpress 2025-04-09 4.3 MEDIUM N/A
Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP.
CVE-2008-3662 1 Gallery 1 Gallery 2025-04-09 5.0 MEDIUM N/A
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2009-2843 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 5.0 MEDIUM N/A
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
CVE-2008-4227 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 7.5 HIGH N/A
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.
CVE-2008-7113 1 Kyoceramita 1 Scanner File Utility 2025-04-09 6.4 MEDIUM N/A
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack.
CVE-2008-1263 1 Linksys 1 Wrt54g 2025-04-09 4.0 MEDIUM N/A
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI.
CVE-2009-3875 3 Linux, Microsoft, Sun 6 Linux Kernel, Windows, Jdk and 3 more 2025-04-09 5.0 MEDIUM N/A
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.