CVE-2010-1439

yum-rhn-plugin in Red Hat Network Client Tools aka rhn-client-tools on Red Hat Enterprise Linux RHEL 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security...

Cisco WLC 4402 - Basic Auth Remote Denial of Service (Metasploit)

Cisco WLC 4402 - Basic Auth Remote Denial of Service Metasploit require 'msf/core' class Metasploit3 'Cisco WLC 4200 Basic Auth Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the Cisco WLC 4200 HTTP server. By sending a GET request with long...

Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability

Exploit for unknown platform in category web applications ============================================================== Moodle 1.6.9/1.7.7/1.8.9/1.9.5 File Disclosure Vulnerability ============================================================== Moodle File Disclosure Vulnerability Systems Affecte...

CVE-2008-1528

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for 1 RemMagSNMP.html, which...

CVE-2008-1528

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for 1 RemMagSNMP.html, which...

CVE-2008-1528

Affected: ZyXEL Prestige routers P-660, P-661, P-662 with firmware 3.40(AGD.2)–3.40(AHQ.3). Issue: remote authenticated users can read HTML sources via direct HTTP requests to disclose credentials, e.g., RemMagSNMP.html reveals SNMP communities and WLAN.html reveals WEP keys. Root cause: inadequa...

DEBIAN-CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...

Novell iChain access control solution multiple bugs

DoS, information leak including authentication data, crossite scripting, session hijacking...

Comersus 5.098 XSS Vulnerable

Comersus Shopping Cart 5.098 XSS Vulnerability ======================================================= Vulnerable Systems: Comersus Cart Version 5.098 Comersus is an open source shopping cart.I found a few XSS Vulnerabilty : Pages Affected: /comersus/store/comersusmessage.asp...

DEBIAN-CVE-2004-1834

moddiskcache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information...

Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method

Overview Microsoft Internet Information Server IIS servers support a HTTP method called TRACK. The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as cookie...

Authentication data leak in Congueror

Referer: field may contain URL with authentication data...

CVE-2002-0666

IPSEC implementations including 1 FreeS/WAN and 2 KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service kernel panic via spoofed, short Encapsulating Security Payload ESP packets, which result in integer signedness errors...

CVE-2002-0666

CVE-2002-0666 affects multiple IPsec implementations (notably FreeS/WAN and KAME). The root cause is incorrect calculation of the authentication data length for very small ESP datagrams, which can result in an unsigned integer overflow and cause a kernel panic (remote denial of service). The NVD/...

NetBSD Security Advisory 2002-016: Insufficient length check in ESP authentication data

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-016 ================================= Topic: Insufficient length check in ESP authentication data Version: NetBSD-current: source prior to August 23, 2002 NetBSD-1.6 beta: source prior to August 23, 2002 NetBSD-1.5.3: affected...

Multiple IPsec implementations do not adequately validate authentication data

Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC...

Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/5507/info Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component. An attacker may exploit this vulnerability by causing a victim user to follow a malicious link...

Kerio MailServer 5.05.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities

Kerio MailServer 5.05.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/5507/info Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component. An attacker may...

CVE-2001-0928

Buffer overflow in the permitted function of GNOME gtop daemon libgtopdaemon in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data...

PT-2001-2621 · Unknown · Autogalaxy

Name of the Vulnerable Software and Affected Versions: Autogalaxy affected versions not specified Description: The issue allows remote attackers to obtain authentication information and gain unauthorized access. This is possible because Autogalaxy stores usernames and passwords in cleartext in...