Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1209 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | |||||
| CVE-2011-1433 | 1 Otrs | 1 Otrs | 2017-08-17 | 5.0 MEDIUM | N/A |
| The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields. | |||||
| CVE-2011-1673 | 1 Netgear | 2 Prosafe Wnap210, Prosafe Wnap210 Firmware | 2017-08-17 | 5.0 MEDIUM | N/A |
| BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. | |||||
| CVE-2010-4506 | 1 Oracle | 1 Passlogix V-go Self-service Password Reset And Oem | 2017-08-17 | 6.2 MEDIUM | N/A |
| Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard. | |||||
| CVE-2011-0002 | 1 Miloslav Trmac | 1 Libuser | 2017-08-17 | 6.4 MEDIUM | N/A |
| libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. | |||||
| CVE-2010-4626 | 1 Mybb | 1 Mybb | 2017-08-17 | 5.1 MEDIUM | N/A |
| The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. | |||||
| CVE-2010-3618 | 1 Pgp | 2 Desktop For Mac, Desktop For Windows | 2017-08-17 | 4.3 MEDIUM | N/A |
| PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue. | |||||
| CVE-2011-0724 | 1 Ubuntu | 2 Edubuntu, Live Dvd | 2017-08-17 | 9.3 HIGH | N/A |
| The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges. | |||||
| CVE-2011-0410 | 1 Collabnet | 1 Scrumworks | 2017-08-17 | 5.0 MEDIUM | N/A |
| CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database. | |||||
| CVE-2010-4184 | 1 Netsupportsoftware | 1 Netsupport Manager | 2017-08-17 | 5.0 MEDIUM | N/A |
| NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | |||||
| CVE-2010-1651 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2017-08-17 | 1.9 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. | |||||
| CVE-2010-2072 | 1 Radovan Garabik | 1 Pyftpd | 2017-08-17 | 3.6 LOW | N/A |
| Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information. | |||||
| CVE-2010-0578 | 1 Cisco | 4 7200 Router, 7301 Router, Ios and 1 more | 2017-08-17 | 7.8 HIGH | N/A |
| The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 and 7301 routers with VAM2+ allows remote attackers to cause a denial of service (device reload) via a malformed IKE packet, aka Bug ID CSCtb13491. | |||||
| CVE-2010-1650 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 1.9 LOW | N/A |
| IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output. | |||||
| CVE-2010-2468 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2017-08-17 | 10.0 HIGH | N/A |
| The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. | |||||
| CVE-2010-1184 | 1 Microsoft | 1 27mhz Wireless Keyboard | 2017-08-17 | 7.6 HIGH | N/A |
| The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. | |||||
| CVE-2010-2637 | 1 Ibm | 1 Websphere Mq | 2017-08-17 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. | |||||
| CVE-2009-3477 | 1 Rim | 1 Blackberry Device Software | 2017-08-17 | 6.8 MEDIUM | N/A |
| The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-4655 | 1 Novell | 1 Edirectory | 2017-08-17 | 7.5 HIGH | N/A |
| The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | |||||
| CVE-2009-3474 | 1 Internet2 | 3 Opensaml, Shibboleth-sp, Xmltooling | 2017-08-17 | 7.5 HIGH | N/A |
| OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. | |||||