162 matches found
PT-2013-67: Sensitive Information Disclosure in Serv-U File Server
The specialists of the Positive Research center have detected a Sensitive Information Disclosure vulnerability in Serv-U File Server. This vulnerability allows an attacker to find out the system configuration and obtain users’ authentication information via Serv-U variables values. Exploitation...
CVE-2013-4022
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access...
CVE-2011-5126
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file...
Ubuntu Update for moin, moin1.3 vulnerability USN-421-1
Ubuntu Update for Linux kernel vulnerabilities USN-421-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4211.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for moin, moin1.3 vulnerability USN-421-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Ubuntu Update for awstats vulnerability USN-686-1
Ubuntu Update for Linux kernel vulnerabilities USN-686-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6861.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for awstats vulnerability USN-686-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
USN-686-1: AWStats vulnerability
Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain...
FreeBSD Ports: openwebmail
The remote host is missing an update to the system as announced in the referenced advisory. VID c5519420-cec2-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
CVE-2003-1540
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to 1 !pwds.txt and 2 !nicks.txt...
Ubuntu 5.10 / 6.06 LTS / 6.10 : moin, moin1.3 vulnerability (USN-421-1)
A flaw was discovered in MoinMoin's page name sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin page, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information...
CVE-2007-1853
Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors...
Design/Logic Flaw
Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors...
IM+本地明文用户名口令泄露漏洞
IM+是一款即时消息软件,允许用户同时连接到多个即时消息帐号。 IM+在处理存储用户名口令时存在漏洞,本地攻击者可能利用此漏洞轻易获取认证信息。 IM+没有使用任何安全措施或加密保护即时消息帐号的用户名和口令。恶意用户可以在\Program Files\IMPlus目录下获得implus.cfg文件,然后使用文本编辑器打开该文件,浏览所有帐号信息,包括明文的用户名和口令。 SHAPE Services IM+ v3.10 for Pocket PC 我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
JVN#44846612 ATutor cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution Products Affected ATutor 1.5.3 RC2 and earlier...
Authentication flaw
SAP Web Application Server WebAS Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers...
CVE-2006-1039
SAP Web Application Server WebAS Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers...
CVE-2003-1278
Cross-site scripting vulnerability XSS in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags...
CVE-2003-1277
CVE-2003-1277 describes cross-site scripting (XSS) in YaBB 1.5.0. The vulnerability allows remote attackers to execute arbitrary scripts as other users and potentially steal authentication information via cookies by injecting HTML/script into (1) news_icon of news_template.php and (2) threadid an...
CVE-2003-1278
CVE-2003-1278 is an XSS vulnerability in OpenTopic 2.3.1 that allows remote attackers to inject arbitrary HTML/script into IMG tags, enabling execution of scripts as other users and potential cookie theft. Public descriptions from NVD and Red Hat state the issue as a cross-site scripting flaw aff...
CVE-2003-1277
Cross-site scripting XSS vulnerabilities in Yet Another Bulletin Board YaBB 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into 1 newsicon of newstemplate.php, and 2 threadid a...
JVN#31226748 Vulnerability in multiple web browsers allowing request spoofing attacks
Impact Authentication information or cookie information could be leaked. Solution Products Affected For more information, refer to the vendors' websites...