<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>CWE-255 Archives - CVE Vulnerability</title>
	<atom:link href="https://cvevulnerability.com/cwe_categories/cwe-255/feed/" rel="self" type="application/rss+xml" />
	<link>https://cvevulnerability.com/cwe_categories/cwe-255/</link>
	<description></description>
	<lastBuildDate>Sun, 26 Feb 2023 09:11:58 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://cvevulnerability.com/wp-content/uploads/2023/02/cropped-Screenshot-2023-02-27-at-3.52.32-PM-32x32.png</url>
	<title>CWE-255 Archives - CVE Vulnerability</title>
	<link>https://cvevulnerability.com/cwe_categories/cwe-255/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CVE-2008-7309</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7309/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:58 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-7309/</guid>

					<description><![CDATA[<p>Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model&#8217;s attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a &#8220;mass assignment&#8221; vulnerability.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7309/">CVE-2008-7309</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model&#8217;s attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a &#8220;mass assignment&#8221; vulnerability.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7309/">CVE-2008-7309</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-7311</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7311/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:58 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-7311/</guid>

					<description><![CDATA[<p>The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7311/">CVE-2008-7311</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7311/">CVE-2008-7311</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-7320</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7320/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:58 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-7320/</guid>

					<description><![CDATA[<p>** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7320/">CVE-2008-7320</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7320/">CVE-2008-7320</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-7255</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7255/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:56 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-7255/</guid>

					<description><![CDATA[<p>login_screen.tcl in aMSN (aka Alvaro&#8217;s Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7255/">CVE-2008-7255</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>login_screen.tcl in aMSN (aka Alvaro&#8217;s Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7255/">CVE-2008-7255</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-7261</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7261/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:56 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-7261/</guid>

					<description><![CDATA[<p>The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7261/">CVE-2008-7261</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7261/">CVE-2008-7261</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-7050</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7050/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:50 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-7050/</guid>

					<description><![CDATA[<p>The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7050/">CVE-2008-7050</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-7050/">CVE-2008-7050</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-6971</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6971/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:48 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-6971/</guid>

					<description><![CDATA[<p>The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6971/">CVE-2008-6971</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6971/">CVE-2008-6971</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-6817</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6817/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:43 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-6817/</guid>

					<description><![CDATA[<p>Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6817/">CVE-2008-6817</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6817/">CVE-2008-6817</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-6818</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6818/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:43 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-6818/</guid>

					<description><![CDATA[<p>Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6818/">CVE-2008-6818</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6818/">CVE-2008-6818</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2008-6577</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6577/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Sun, 26 Feb 2023 09:11:36 +0000</pubDate>
				<guid isPermaLink="false">https://www.cvevulnerability.com/cve_vulnerabilities/cve-2008-6577/</guid>

					<description><![CDATA[<p>Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6577/">CVE-2008-6577</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2008-6577/">CVE-2008-6577</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
