Lucene search
K

162 matches found

ptsecurity
ptsecurity
added 2013/10/03 12:0 a.m.2 views

PT-2013-67: Sensitive Information Disclosure in Serv-U File Server

The specialists of the Positive Research center have detected a Sensitive Information Disclosure vulnerability in Serv-U File Server. This vulnerability allows an attacker to find out the system configuration and obtain users’ authentication information via Serv-U variables values. Exploitation...

7.8CVSS7.3AI score
Exploits0References3
cvelist
cvelist
added 2013/09/25 10:0 a.m.18 views

CVE-2013-4022

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access...

6AI score0.00922EPSS
Exploits0References2
cvelist
cvelist
added 2012/08/26 7:0 p.m.26 views

CVE-2011-5126

Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file...

6.1AI score0.0106EPSS
Exploits0References1
openvas
openvas
added 2009/03/23 12:0 a.m.24 views

Ubuntu Update for moin, moin1.3 vulnerability USN-421-1

Ubuntu Update for Linux kernel vulnerabilities USN-421-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4211.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for moin, moin1.3 vulnerability USN-421-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

4.3CVSS0.5AI score0.02326EPSS
Exploits0References2
openvas
openvas
added 2009/03/23 12:0 a.m.30 views

Ubuntu Update for awstats vulnerability USN-686-1

Ubuntu Update for Linux kernel vulnerabilities USN-686-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6861.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for awstats vulnerability USN-686-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

4.3CVSS6.4AI score0.05597EPSS
Exploits1References2
ubuntu
ubuntu
added 2008/12/04 12:12 a.m.52 views

USN-686-1: AWStats vulnerability

Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain...

4.3CVSS5.4AI score0.05597EPSS
Exploits1
openvas
openvas
added 2008/09/04 12:0 a.m.40 views

FreeBSD Ports: openwebmail

The remote host is missing an update to the system as announced in the referenced advisory. VID c5519420-cec2-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

6.8CVSS6.3AI score0.22528EPSS
Exploits1
cvelist
cvelist
added 2008/02/13 1:0 a.m.20 views

CVE-2003-1540

WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to 1 !pwds.txt and 2 !nicks.txt...

6.5AI score0.03232EPSS
Exploits0References6
nessus
nessus
added 2007/11/10 12:0 a.m.19 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : moin, moin1.3 vulnerability (USN-421-1)

A flaw was discovered in MoinMoin's page name sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin page, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information...

4.3CVSS5.2AI score0.02326EPSS
Exploits0References2
nvd
nvd
added 2007/04/03 4:19 p.m.14 views

CVE-2007-1853

Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors...

5CVSS6.3AI score0.01252EPSS
Exploits0References6
prion
prion
added 2007/04/03 4:19 p.m.16 views

Design/Logic Flaw

Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors...

5CVSS6.8AI score0.01252EPSS
Exploits0References6Affected Software5
seebug
seebug
added 2006/10/25 12:0 a.m.91 views

IM+本地明文用户名口令泄露漏洞

IM+是一款即时消息软件,允许用户同时连接到多个即时消息帐号。 IM+在处理存储用户名口令时存在漏洞,本地攻击者可能利用此漏洞轻易获取认证信息。 IM+没有使用任何安全措施或加密保护即时消息帐号的用户名和口令。恶意用户可以在\Program Files\IMPlus目录下获得implus.cfg文件,然后使用文本编辑器打开该文件,浏览所有帐号信息,包括明文的用户名和口令。 SHAPE Services IM+ v3.10 for Pocket PC 我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

7.1AI score
Exploits0
jvn
jvn
added 2006/07/06 12:0 a.m.17 views

JVN#44846612 ATutor cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution Products Affected ATutor 1.5.3 RC2 and earlier...

7AI score
Exploits0
prion
prion
added 2006/03/07 11:2 a.m.24 views

Authentication flaw

SAP Web Application Server WebAS Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers...

6.4CVSS7.4AI score0.02745EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2006/03/07 11:0 a.m.22 views

CVE-2006-1039

SAP Web Application Server WebAS Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers...

6.8AI score0.02745EPSS
Exploits0References6
cvelist
cvelist
added 2005/11/16 7:37 a.m.26 views

CVE-2003-1278

Cross-site scripting vulnerability XSS in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags...

6.7AI score0.03658EPSS
Exploits1References3
cve
cve
added 2005/11/16 7:37 a.m.57 views

CVE-2003-1277

CVE-2003-1277 describes cross-site scripting (XSS) in YaBB 1.5.0. The vulnerability allows remote attackers to execute arbitrary scripts as other users and potentially steal authentication information via cookies by injecting HTML/script into (1) news_icon of news_template.php and (2) threadid an...

4.3CVSS7AI score0.01297EPSS
Exploits1References4Affected Software1
cve
cve
added 2005/11/16 7:37 a.m.50 views

CVE-2003-1278

CVE-2003-1278 is an XSS vulnerability in OpenTopic 2.3.1 that allows remote attackers to inject arbitrary HTML/script into IMG tags, enabling execution of scripts as other users and potential cookie theft. Public descriptions from NVD and Red Hat state the issue as a cross-site scripting flaw aff...

4.3CVSS7AI score0.03658EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2005/11/16 7:37 a.m.32 views

CVE-2003-1277

Cross-site scripting XSS vulnerabilities in Yet Another Bulletin Board YaBB 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into 1 newsicon of newstemplate.php, and 2 threadid a...

6.7AI score0.01297EPSS
Exploits1References4
jvn
jvn
added 2005/09/29 12:0 a.m.13 views

JVN#31226748 Vulnerability in multiple web browsers allowing request spoofing attacks

Impact Authentication information or cookie information could be leaked. Solution Products Affected For more information, refer to the vendors' websites...

6.8AI score
Exploits0
Rows per page
Query Builder