Searching username password software vulnerabilities

Windows NT FTP server (WFTP) with the guest acc

Windows | server | FTP |

Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.


BackWeb client stores the username and password

authentication | Communication | privileges | cleartext | registry | username | password | BackWeb | reading | client | stores | other | local | users | which | proxy | allow | could | gain | key |

BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.


FTP Explorer uses weak encryption for storing t

encryption | password | username | Explorer | profile | storing | sites | uses | weak | FTP |

FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.


Crystal Reports, when displaying data for a pas

displaying | attackers | protected | passwords | cleartext | username | database | password | Reports | Crystal | allows | obtain | remote | embeds | pages | using | which | data | HTML | page | URL |

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.


Castelle FaxPress, possibly 6.3 and other versi

configured | submitting | incorrect | attackers | plaintext | password | Castelle | versions | possibly | username | FaxPress | correct | Network | causes | allows | obtain | other | error | event | print | login | queue | which | leak | use |

Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.


GroupWise 6, when using LDAP authentication and

authentication | privileges | attackers | GroupWise | username | password | logging | without | allows | Office | other | using | blank | users | Post | LDAP | gain | has |

GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.


WorkforceROI Xpede 4.1 allows remote attackers

datasourceasp | WorkforceROI | attackers | guessing | username | attacker | password | database | conduct | attacks | request | easily | remote | obtain | allows | force | brute | which | Xpede | leaks | more | form | via |

WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.


SQL injection vulnerability in Ruslan Bui

administrative | Builder | vulnerability | privileges | attackers | injection | password | username | sequence | allows | remote | Ruslan | "'--" | gain | SQL | via |

SQL injection vulnerability in Ruslan Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password.


AppServ 2.5.x and earlier installs a default us

attackers | username | password | installs | AppServ | earlier | default | remote | access | allows | which | gain | 25x |

AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.


Unspecified vulnerability in cmdline.c in proxy

vulnerability | proxytunnel | Unspecified | cmdlinec |

Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.


The telnet daemon in UTStarcom F1000 VOIP WIFI

UTStarcom | running | VxWorks | daemon | telnet | Phone | F1000 | VOIP | WIFI | s20 |

The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system.


BEA WebLogic Server and WebLogic Express 8.1 SP

username/password | authentication | attackers | username | WebLogic | password | attempts | Express | maximum | earlier | invalid | easier | number | Server | remote | login | makes | which | guess | after | using | lock | does | SP5 | BEA | SP6 | out | not |

BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.


PHP Upload Center stores password hashes under

upload/users/[USERNAME] | insufficient | attackers | password | download | request | control | stores | remote | allows | Upload | direct | Center | access | hashes | under | which | root | file | hash | each | PHP | via | web |

PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.


na-img-4.0.34.bin for the IP3 Networks NetAcces

na-img-4034bin | NetAccess | username | password | Networks | default | admin | NA75 | IP3 | has |

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.


The pswd.js script relies on the client to calc

brute-force | downloading | conducting | hard-coded | attackers | calculate | password | username | offline | attacks | whether | allows | remote | obtain | relies | client | pswdjs | script | server | values | hashed | which | match |

The pswd.js script relies on the client to calculate whether a username and password for a server match hard-coded hashed values, which allows remote attackers to obtain a username and password by downloading pswd.js and conducting brute-force offline attacks.


IBM Client Security Password Manager stores and

distributes | credentials | passwords | attackers | Password | username | Security | changing | Manager | website | remote | allows | Client | obtain | stores | based | saved | which | title | HTML | page | upon | IBM |

IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.


Cisco 2700 Series Wireless Location Appliances

Cisco |

Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893.


The "forgot password" function in OneOrZero Hel

OneOrZero | password" | Helpdesk | function | "forgot | before |

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.


projectserver/logon/pdsrequest.asp in Microsoft

projectserver/logon/pdsrequestasp | Microsoft | Project | Server |

projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.


** DISPUTED ** SQL injection vulnerability in

vulnerability | SchoolBoard | injection | attackers | arbitrary | DISPUTED | commands | adminphp | execute | allows | remote | via | SQL |

** DISPUTED ** SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries.


Software vulnerabilities results 1 to 20 of 1331     
Page: 12345...67