600 matches found
CVE-2007-0413
BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file...
Kile: Incorrect backup file permission
Background Kile is a TeX/LaTeX editor for KDE. Description Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920. Impact A kile user may inadvertently grant access to sensitive information. Workaround There is no known workaround at this...
Cahier de texte V2.0 SQL Code Execution Exploit
!/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..: www.etab.ac-caen.fr/bsauveur/cahierdetexte/ Poc.link........
CVE-2006-6085
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information...
CVE-2006-6085
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information...
CVE-2006-6085
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information...
Cahier de texte 2.0 - Database Backup Source Disclosure
Cahier de texte 2.0 - Database Backup Source Disclosure !/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..:...
Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit
Exploit for unknown platform in category web applications ====================================================================== Cahier de texte 2.0 Database Backup/Source Disclosure Remote Exploit ====================================================================== !/usr/bin/perl INFORMATIONS...
[Full-disclosure] [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file
Plain text password in backup file Finjan Appliance 5100/8100 NG The Version 8.3.5 is affected. In the new console function backup and restore the passwords are saved as plain text. The Finjan Appliance uses a Firebird database. The backup saves the database as text file. Samba and FTP passwords...
Ubuntu 5.04 : kdelibs vulnerability (USN-150-1)
Kate and Kwrite create a backup file before saving a modified file. These backup files were created with default permissions, even if the original file had more strict permissions set, so that other local users could possibly read the backup file even if they are not permitted to read the origina...
[SECURITY] [DSA 804-2] New kdelibs packages fix backup file information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 804-2 [email protected] http://www.debian.org/security/ Martin Schulze November 10th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 804-2] New kdelibs packages fix backup file information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 804-2 [email protected] http://www.debian.org/security/ Martin Schulze November 10th, 2005 http://www.debian.org/security/faq -...
DSA-804-2 kdelibs - insecure permissions
Bulletin has no description...
USN-150-1: KDE library vulnerability
Kate and Kwrite create a backup file before saving a modified file. These backup files were created with default permissions, even if the original file had more strict permissions set, so that other local users could possibly read the backup file even if they are not permitted to read the origina...
pafaq.pl.txt
!/usr/bin/perl -w paFaq 1.0 Add Administrator PoC // By James // http://www.gulftech.org use LWP::UserAgent; Set up the LWP User Agent $ua = new LWP::UserAgent; $ua-agent"paFaq Hash Grabber v1.0"; if !$ARGV0 print "Usage : pafaq.pl http://path/to/pafaq"; exit; my $keytime = time; my $dbmpath =...
CVE-2005-1944
xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp...
Aztek Forum 4.0 - 'myadmin.php' Database Dumper
/ Changed line 81 - Tested and working /str0ke / / LOTFREE Team presents : Forum-Aztek v4.0 4nd pr0b4bly inf3ri0r Database Dump Xpl0it 0day dUd3 X- ./aztek-sploit 127.0.0.1 admin forum HTTP/1.1 200 OK Date: Sat, 05 Mar 2005 22:18:13 GMT Server: Apache/2.0.50 Ubuntu PHP/4.3.8 X-Powered-By: PHP/4.3...
Debian DSA-230-1 : bugzilla - insecure permissions, spurious backup files
Two vulnerabilities have been discovered in Bugzilla, a web-based bug tracking system, by its authors. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : CAN-2003-0012 BugTraq ID 6502 The provided data collection script intended to be run as a nightly cron...
[SECURITY] [DSA 230-1] New bugzilla packages fix unauthorized data modification
-------------------------------------------------------------------------- Debian Security Advisory DSA 230-1 [email protected] http://www.debian.org/security/ Martin Schulze January 16th, 2003 http://www.debian.org/security/faq -...
Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Background: REX 5000 is a credit card sized PDA, made by Xircom which now is "An Intel Company". It is coming with a good PIM program, Starfish www.starfish.com Truesync Desktop which is probably a new rewrite of the well-known Starfish Sidekick. I just downloaded the last version, 2.0b. I notice...