Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4593 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1828 1 Dlink 2 Dsl-504t, Dsl-504t Firmware 2026-04-16 7.5 High
D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.
CVE-2004-2397 1 Broadcom 1 Bluecoat Security Gateway 2026-04-16 7.5 High
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
CVE-2003-0512 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge.
CVE-2000-0589 1 Sawmill 1 Sawmill 2026-04-16 N/A
SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.
CVE-2002-1800 1 Phprank 1 Phprank 2026-04-16 7.5 High
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
CVE-2002-1696 2 Microsoft, Pgp 2 Outlook, Personal Privacy 2026-04-16 5.5 Medium
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
CVE-2002-2379 1 Cisco 1 As5350 2026-04-16 N/A
Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor
CVE-2002-2326 1 Apple 1 Mac Os X 2026-04-16 N/A
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.
CVE-2003-1344 1 Trend Micro 1 Virus Control System 2026-04-16 N/A
Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files.
CVE-2002-2303 1 3d3.com 1 Shopfactory 2026-04-16 N/A
3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.
CVE-2006-0591 2 Redhat, Solar Designer 2 Enterprise Linux, Crypt Blowfish 2026-04-16 N/A
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
CVE-2005-4066 1 Christian Ghisler 1 Total Commander 2026-04-16 N/A
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.
CVE-2005-0844 1 Nortel 1 Contivity 2026-04-16 N/A
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.
CVE-2001-1463 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
CVE-2001-0103 1 Coffeecup Software 2 Coffeecup Direct Ftp, Coffeecup Free Ftp 2026-04-16 N/A
CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords.
CVE-2001-1481 1 Xitami 1 Xitami 2026-04-16 9.8 Critical
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
CVE-2005-2160 1 Ipswitch 1 Imail 2026-04-16 7.5 High
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
CVE-2001-1536 1 Audiogalaxy 1 Audiogalaxy 2026-04-16 7.5 High
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
CVE-2004-2703 1 Clearswift 4 Mailsweeper Business Suite I, Mailsweeper Business Suite Ii, Mailsweeper For Smtp and 1 more 2026-04-16 N/A
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
CVE-2001-1537 1 Symfony 1 Twig 2026-04-16 7.5 High
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.