Total: 756 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6971 | 1 Simplemachines | 1 Smf | 2017-09-29 | N/A |
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. | ||||
CVE-2008-6524 | 1 Cale Dunlap | 1 Openinvoice | 2017-09-29 | N/A |
resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication. | ||||
CVE-2008-6232 | 1 Preprojects | 1 Pre Shopping Mall | 2017-09-29 | N/A |
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||||
CVE-2008-6231 | 1 Preprojects | 1 Pre Classified Listings | 2017-09-29 | N/A |
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||||
CVE-2008-6228 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2017-09-29 | N/A |
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||||
CVE-2008-5847 | 1 Constructr | 1 Constructr-cms | 2017-09-29 | N/A |
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column. | ||||
CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | N/A |
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | ||||
CVE-2008-3859 | 1 Davlin | 1 Thickbox Gallery | 2017-09-29 | N/A |
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php. | ||||
CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2017-09-29 | N/A |
AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
CVE-2008-2279 | 1 Freelance Auction | 1 Freelance Auction Script | 2017-09-29 | N/A |
Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table. | ||||
CVE-2008-0440 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2017-09-29 | N/A |
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. | ||||
CVE-2007-6414 | 1 Adultscript | 1 Adultscript | 2017-09-29 | N/A |
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php. | ||||
CVE-2007-5063 | 1 Adam Scheinberg | 1 Flip | 2017-09-29 | N/A |
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt. | ||||
CVE-2007-3978 | 1 Bwired | 1 Bwired | 2017-09-29 | N/A |
Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | ||||
CVE-2015-4262 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2017-09-21 | N/A |
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. | ||||
CVE-2015-3799 | 1 Apple | 1 Mac Os X | 2017-09-21 | N/A |
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | ||||
CVE-2011-2990 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. | ||||
CVE-2010-1487 | 1 Ibm | 1 Lotus Notes | 2017-09-19 | N/A |
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. | ||||
CVE-2009-4674 | 1 Mole-group | 2 Bus Ticket Script, Sky Hunter Airline Ticket Sale Script | 2017-09-19 | N/A |
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field. | ||||
CVE-2009-3516 | 1 Ibm | 1 Aix | 2017-09-19 | N/A |
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors. | ||||