• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-255

CVE-2007-3978

February 26, 2023 by

Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CVE-2007-3275

February 26, 2023 by

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.

CVE-2007-3061

February 26, 2023 by

Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.

CVE-2007-2766

February 26, 2023 by

lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.

CVE-2007-1068

February 26, 2023 by

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

CVE-2007-0057

February 26, 2023 by

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 14
  • Go to page 15
  • Go to page 16
  • Go to page 17
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE