Vulnerabilities > Cleartext Transmission of Sensitive Information
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-6370 | Cleartext Transmission of Sensitive Information vulnerability in Typo3 7.6.15 TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. | 5.3 |
| 2017-03-09 | CVE-2017-6432 | Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity NVR Firmware 3.210.0001.10 An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. | 8.1 |
| 2017-03-02 | CVE-2017-6410 | Cleartext Transmission of Sensitive Information vulnerability in KDE Kdelibs kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. | 5.5 |
| 2017-02-27 | CVE-2017-6341 | Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. | 5.9 |
| 2008-12-19 | CVE-2008-4122 | Cleartext Transmission of Sensitive Information vulnerability in Joomla Joomla! 1.5.8 Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 7.5 |
| 2008-12-09 | CVE-2008-4390 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Linksys Wvc54Gc Firmware The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | 7.5 |
| 2008-07-24 | CVE-2008-3289 | Cleartext Transmission of Sensitive Information vulnerability in Storcentric Retrospect Backup Client 7.5.116 EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | 7.5 |
| 2008-01-22 | CVE-2008-0374 | Cleartext Transmission of Sensitive Information vulnerability in OKI C5510Mfp Firmware 1.01 OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | 7.5 |
| 2007-10-23 | CVE-2007-5626 | Cleartext Transmission of Sensitive Information vulnerability in Bacula make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. | 5.5 |
| 2007-09-10 | CVE-2007-4786 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. | 5.3 |