Vulnerabilities > Credentials Management

DATE CVE VULNERABILITY TITLE RISK
2007-09-24 CVE-2007-5063 Credentials Management vulnerability in Adam Scheinberg Flip
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.
network
low complexity
adam-scheinberg CWE-255
5.0
2007-08-29 CVE-2007-4594 Credentials Management vulnerability in Entrust Entelligence Security Provider 8
Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication.
network
low complexity
entrust CWE-255
6.4
2007-08-25 CVE-2007-4526 Credentials Management vulnerability in multiple products
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.
local
low complexity
netiq novell CWE-255
2.1
2007-08-08 CVE-2007-4261 Credentials Management vulnerability in EZ Photo Sales EZ Photo Sales 1.9.3
EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/.
network
low complexity
ez-photo-sales CWE-255
7.5
2007-07-25 CVE-2007-3978 Credentials Management vulnerability in Bwired
Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
network
bwired CWE-255
4.3
2007-06-19 CVE-2007-3275 Credentials Management vulnerability in Mailwasher Server
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp.
7.1
2007-06-06 CVE-2007-3061 Credentials Management vulnerability in Cactusoft Cactushop
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
network
low complexity
cactusoft CWE-255
7.8
2007-05-18 CVE-2007-2766 Credentials Management vulnerability in Backup Manager Backup Manager
lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.
local
low complexity
backup-manager CWE-255
7.2
2007-02-22 CVE-2007-1068 Credentials Management vulnerability in multiple products
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
local
low complexity
cisco meetinghouse CWE-255
7.2
2007-01-04 CVE-2007-0057 Credentials Management vulnerability in Cisco Network Admission Control Manager and Server System Software
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared secret and allows remote attackers to gain unauthorized access.
network
low complexity
cisco CWE-255
critical
10.0