usernames software vulnerabilities
vulnerabilities.aspcode.net
Searching usernames software vulnerabilities
ControlIT v4.5 and earlier uses weak encryption
encryption
|
ControlIT
|
usernames
|
passwords
|
earlier
|
address
|
store
|
weak
|
book
|
uses
|
v45
|
ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.
NetWare version of LaserFiche stores usernames
administrative
|
unencrypted
|
LaserFiche
|
passwords
|
usernames
|
changes
|
without
|
logging
|
NetWare
|
version
|
stores
|
allows
|
NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.
The installation of 1ArcServe Backup and Inocul
exchverifylog
|
installation
|
passwords
|
usernames
|
plaintext
|
1ArcServe
|
contains
|
Inoculan
|
Exchange
|
modules
|
create
|
client
|
Backup
|
which
|
file
|
log
|
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
Auto_FTP.pl script in Auto_FTP 0.2 stores usern
configuration
|
auto_ftpconf
|
Auto_FTPpl
|
passwords
|
plaintext
|
usernames
|
Auto_FTP
|
script
|
stores
|
file
|
Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file.
NAI Sniffer Agent uses base64 encoding for auth
authentication
|
usernames
|
passwords
|
attackers
|
encoding
|
Sniffer
|
decrypt
|
network
|
allows
|
base64
|
easily
|
Agent
|
which
|
sniff
|
uses
|
NAI
|
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords.
PostgreSQL stores usernames and passwords in pl
PostgreSQL
|
passwords
|
plaintext
|
usernames
|
stores
|
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
CesarFTP 0.98b and earlier stores usernames and
settingsini
|
privileges
|
passwords
|
plaintext
|
attackers
|
usernames
|
CesarFTP
|
earlier
|
allows
|
stores
|
which
|
file
|
gain
|
098b
|
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
Symantec Ghost 7.0 stores usernames and passwor
NGServer\params
|
privileges
|
passwords
|
plaintext
|
usernames
|
attacker
|
registry
|
Symantec
|
stores
|
allow
|
Ghost
|
which
|
could
|
gain
|
key
|
Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.
Nortel CVX 1800 is installed with a default "pu
Nortel
|
CVX
|
Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.
Pine 4.2.1 through 4.4.4 puts Unix usernames an
Pine
|
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
vsftpd 1.1.3 generates different error messages
vsftpd
|
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.
SalesLogix 6.1 includes usernames, passwords, a
information
|
SalesLogix
|
attackers
|
sensitive
|
usernames
|
passwords
|
response
|
includes
|
headers
|
remote
|
access
|
other
|
allow
|
which
|
could
|
gain
|
HTTP
|
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
Netenberg Fantastico De Luxe 2.8 uses database
world-readable
|
/var/lib/mysql
|
permissions
|
associated
|
Fantastico
|
usernames
|
determine
|
Netenberg
|
database
|
assigned
|
attacks
|
conduct
|
reading
|
contain
|
cPanel
|
allows
|
force
|
brute
|
which
|
names
|
local
|
valid
|
users
|
Luxe
|
uses
|
file
|
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
Keene Digital Media Server 1.0.2 allows local u
Digital
|
Server
|
Media
|
Keene
|
Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system.
DelphiTurk FTP 1.0 stores usernames and passwor
profiledat
|
privileges
|
DelphiTurk
|
passwords
|
usernames
|
allows
|
stores
|
local
|
users
|
which
|
gain
|
file
|
FTP
|
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
DelphiTurk CodeBank (aka KodBank) 3.1 and earli
DelphiTurk
|
CodeBank
|
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.
Einstein 1.0.1 stores sensitive information suc
Einstein
|
Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges.
IMail stores usernames and passwords in clearte
information
|
cleartext
|
attackers
|
sensitive
|
usernames
|
passwords
|
remote
|
obtain
|
stores
|
cookie
|
allows
|
IMail
|
which
|
IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.
kphone 4.2 creates .qt/kphonerc with world-read
world-readable
|
permissions
|
qt/kphonerc
|
usernames
|
passwords
|
creates
|
allows
|
kphone
|
which
|
local
|
users
|
read
|
SIP
|
kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
JIWA Financials 6.4.14 stores usernames and pas
Financials
|
JIWA
|
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
Software vulnerabilities results 1 to 20 of 139
Page:
1
2
3
4
5
...
7
►