unencrypted software vulnerabilities
vulnerabilities.aspcode.net
Searching unencrypted software vulnerabilities
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account.
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.
The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information.
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.
DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before Friday, February 16, 2007 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.
Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.
RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files.
Software vulnerabilities results 1 to 19 of 19