6581 matches found
CVE-2005-0604
CVE-2005-0604 affects lnss.exe in GFI Languard Network Security Scanner 5.0 . The vulnerability is that the program stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. This is the stated impact in the records,...
[VulnWatch] Patch available for high risk IBM DB2 Universal Database flaw
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Researchers at NGSSoftware have discovered a high risk vulnerability in IBM's DB2 Universal Database Version 8.1 and earlier. IBM has just released Fixpak 8 for DB2 UDB 8.1 which addresses the security flaw...
[SECURITY] [DSA 566-1] New CUPS packages fix information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 566-1 [email protected] http://www.debian.org/security/ Martin Schulze October 14th, 2004 http://www.debian.org/security/faq -...
DSA-566-1 cupsys - unsanitised input
Bulletin has no description...
Microsoft Security Bulletin MS04-026 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)
Microsoft Security Bulletin MS04-026 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks 842436 Issued: August 10, 2004 Version: 1.0 Summary Who should read this document: System administrators who have servers running Microsoft® Exchange...
Microsoft Security Bulletin MS04-004
Microsoft Security Bulletin MS04-004 Cumulative Security Update for Internet Explorer 832894 Issued: February 2, 2004 Version: 1.0 Summary Who should read this document: Customers who are using Microsoft® Internet Explorer Impact of vulnerability: Remote Code Execution Maximum Severity Rating:...
Microsoft Security Bulletin MS04-002
Microsoft Security Bulletin MS04-002 Print Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation 832759 Issued: January 13, 2004 Version: 1.0 Summary Who should read this document: System administrators who have servers that are running Microsoft® Outlook® Web Access for...
Microsoft Security Bulletin MS03-046
Microsoft Security Bulletin MS03-046 Print Vulnerability in Exchange Server Could Allow Arbitrary Code Execution 829436 Issued: October 15, 2003 Version Number: Version Number: 1.0 Summary Who Should Read This Document: System administrators who have servers running Microsoft® Exchange Server...
Microsoft Security Bulletin MS03-047
Microsoft Security Bulletin MS03-047 Print Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack 828489 Issued: October 15, 2003 Version Number: 1.0 Summary Who Should Read This Document: System administrators who have servers running Microsoft® Exchange...
DEBIAN-CVE-2002-1477
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode...
PT-2003-1213 · Cacti · Cacti
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.6.8 Description: The issue allows remote authenticated Cacti administrators to execute arbitrary commands. This can be achieved by injecting shell metacharacters in the title during edit mode, specifically in the...
MS02-001: Trusted Domain SID Remote Privilege Escalation (311401)
Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the...
Technical information about unpatched MS Java vulnerabilities
These are some technical details about the security vulnerabilities I've found in Microsoft's Java implementatation. They were reported to the vendor mostly during August 2002. Microsoft no longer responds to my inqueries and doesn't seem to react about these severe vulnerabilities which affect...
CVE-2002-1096
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code...
CVE-2002-1097
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages...
CVE-2002-0786
The CVE-2002-0786 entry concerns the iCon administrative web server for Critical Path inJoin Directory Server 4.0. Affected component: the inJoin Directory Server 4.0 web interface (iCon admin). Vulnerability: authenticated inJoin administrators can read arbitrary files by specifying the target f...
Privelege escalation using webmin log files
Unsafe permissions of log files allows to steal cookie of system administrators and to get web access to administration with root permissions...
Microsoft Windows 'Administrators' Group User List
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10902; scriptversion"1.23"; scriptcvsdate"Date:...
Microsoft Windows 'Domain Administrators' Group User List
Using the supplied credentials, it is possible to extract the member list of the 'Domain Administrators' group. Members of this group have complete access to the Windows Domain. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10908; scriptversion"1.24";...
SECURITY.NNOV: Bypassing content filtering software
There are common methods allowing to bypass almost any content filtering software antiviral products, CVP firewalls, mail attachment filtering, etc. I believe multiple products are vulnerable. Contents: I. Bypassing attachment detection or invalid detection of attachment type. 1. Encoded filename...