Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4593 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1800 1 Phprank 1 Phprank 2026-04-16 7.5 High
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
CVE-2001-0103 1 Coffeecup Software 2 Coffeecup Direct Ftp, Coffeecup Free Ftp 2026-04-16 N/A
CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords.
CVE-2000-0589 1 Sawmill 1 Sawmill 2026-04-16 N/A
SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.
CVE-2003-1389 1 Research Triangle Software 1 Cryptobuddy 2026-04-16 N/A
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
CVE-2005-2209 1 Capturix 1 Scanshare 2026-04-16 5.5 Medium
Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.
CVE-2005-2160 1 Ipswitch 1 Imail 2026-04-16 7.5 High
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
CVE-2002-1696 2 Microsoft, Pgp 2 Outlook, Personal Privacy 2026-04-16 5.5 Medium
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
CVE-2001-1473 1 Ssh 1 Ssh 2026-04-16 N/A
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
CVE-2005-3140 1 Procom 2 Netforce 800, Netforce 800 Firmware 2026-04-16 7.5 High
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.
CVE-2004-2397 1 Broadcom 1 Bluecoat Security Gateway 2026-04-16 7.5 High
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
CVE-2001-1537 1 Symfony 1 Twig 2026-04-16 7.5 High
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
CVE-2005-2069 3 Openldap, Padl, Redhat 4 Openldap, Nss Ldap, Pam Ldap and 1 more 2026-04-16 N/A
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
CVE-2001-1481 1 Xitami 1 Xitami 2026-04-16 9.8 Critical
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
CVE-2001-1463 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
CVE-2005-0844 1 Nortel 1 Contivity 2026-04-16 N/A
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.
CVE-2006-0591 2 Redhat, Solar Designer 2 Enterprise Linux, Crypt Blowfish 2026-04-16 N/A
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
CVE-2002-2379 1 Cisco 1 As5350 2026-04-16 N/A
Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor
CVE-2001-1536 1 Audiogalaxy 1 Audiogalaxy 2026-04-16 7.5 High
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
CVE-2026-23655 1 Microsoft 3 Confidental Containers, Confidential Sidecar Containers, Microsoft Aci Confidential Containers 2026-04-15 6.5 Medium
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
CVE-2026-35644 1 Openclaw 1 Openclaw 2026-04-15 6.5 Medium
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive authentication information from URL userinfo components.