Vulnerabilities > Credentials Management
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-01-04 | CVE-2007-6661 | Credentials Management vulnerability in 2Z Project 2Z Project 0.9.6.1 | 2z project 0.9.6.1 allows attackers to change the password without supplying the old password. | 6.4 |
2007-12-17 | CVE-2007-6414 | Credentials Management vulnerability in Adultscript 1.6 | admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. | 7.5 |
2007-12-17 | CVE-2007-6399 | Credentials Management vulnerability in Myupb Flat PHP Board | index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | 6.5 |
2007-12-13 | CVE-2007-6329 | Credentials Management vulnerability in Microsoft Office 2007 | Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container. | 6.4 |
2007-12-07 | CVE-2007-6267 | Credentials Management vulnerability in Citrix products | Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. | 2.1 |
2007-12-06 | CVE-2007-6260 | Credentials Management vulnerability in Oracle Database Server | The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. | 6.8 |
2007-11-22 | CVE-2007-6096 | Credentials Management vulnerability in Ingate Firewall and Ingate Siparator | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. | 5.0 |
2007-11-15 | CVE-2007-5905 | Credentials Management vulnerability in Adobe Coldfusion 7.0/8.0 | Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | 6.8 |
2007-11-06 | CVE-2007-4994 | Credentials Management vulnerability in Redhat Certificate Server 7.2 | Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL. | 7.5 |
2007-10-18 | CVE-2007-5579 | Credentials Management vulnerability in Pligg CMS 9.5 | login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter. | 7.5 |