Search Results (2509 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5792 1 Vonage 1 Motorola Phone Adapter Vt2142-vd 2026-04-23 N/A
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.
CVE-2007-5863 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
CVE-2009-3475 1 Internet2 1 Shibboleth-sp 2026-04-23 N/A
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2008-1711 1 Terong 1 Advanced Web Photo Gallery 2026-04-23 N/A
Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-1754 1 Symantec 1 Altiris Deployment Solution 2026-04-23 N/A
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory.
CVE-2010-0222 1 Kingston 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure 2026-04-23 N/A
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
CVE-2008-1886 1 Cdnetworks 1 Download Client 2026-04-23 N/A
The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote attackers to bypass this protection mechanism by calculating the required KeyCode. NOTE: this can be used by arbitrary web sites to host exploit code that targets this control.
CVE-2009-3455 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-0047 1 Gale 1 Gale 2026-04-23 N/A
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2008-3532 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2026-04-23 N/A
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
CVE-2008-7138 1 Eye.fi 1 Eye-fi Manager 2026-04-23 N/A
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.
CVE-2007-0014 1 Sun 1 Chainkey Java Code Protection 2026-04-23 N/A
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
CVE-2008-4165 1 Kolab 1 Kolab Groupware Server 2026-04-23 N/A
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.
CVE-2009-2312 1 Mcafee 1 Smartfilter 2026-04-23 N/A
SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.
CVE-2007-4311 1 Linux 1 Linux Kernel 2026-04-23 N/A
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.
CVE-2008-7207 1 Rivetcode 1 Rivettracker 2026-04-23 N/A
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.
CVE-2007-3805 1 Clavister 1 Clavister Coreplus 2026-04-23 N/A
The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates.
CVE-2008-5100 1 Microsoft 1 .net Framework 2026-04-23 N/A
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
CVE-2008-5659 1 Gnu 1 Classpath 2026-04-23 N/A
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
CVE-2007-4960 1 Linden Lab 1 Second Life 2026-04-23 N/A
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.