1289 matches found
Default credentials
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the...
CVE-2007-2032
Cisco Wireless Control System WCS before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014...
CVE-2007-0058
Cisco Clean Access CCA 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager CAM allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file...
Authentication flaw
Cisco Clean Access CCA 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager CAM allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file...
CVE-2007-0058
CVE-2007-0058 affects Cisco Clean Access (CCA) on the Clean Access Manager (CAM): versions 3.5.x up to 3.5.9 and 3.6.x up to 3.6.1.1 allow remote attackers to bypass authentication and download arbitrary manual database backups by brute-forcing the snapshot filename and requesting the file direct...
CVE-2006-4786
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via 1 help.php and 2 other unspecified vectors involving scheduled backups...
CVE-2006-4786
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via 1 help.php and 2 other unspecified vectors involving scheduled backups...
CVE-2006-4786
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via 1 help.php and 2 other unspecified vectors involving scheduled backups...
CVE-2006-3831
The CVE-2006-3831 issue affects Kailash Nadh boastMachine (formerly bMachine) versions up to 3.1. The backup feature creates database backups with predictable filenames and stores them under the web root with insufficient access controls, enabling remote attackers to download a backup file and ob...
CVE-2006-3831
The Backup selection in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file...
DEBIAN-CVE-2005-1855
Backup Manager backup-manager before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information...
PT-2005-2875 · Kde +1 · Kate +3
Name of the Vulnerable Software and Affected Versions: KDE versions 3.2.x through 3.4.0 Description: The issue affects the Kate and Kwrite applications, where they do not properly set the same permissions on the backup file as were set on the original file. This could allow local users and possib...
PHP-Fusion <= 6.00.105 Multiple Vulnerabilities
According to its banner, the remote host is running a version of PHP-Fusion that is affected by multiple vulnerabilities : - An Information Disclosure Vulnerability PHP Fusion stores database backups in a known location within the web server's documents directory. An attacker may be able to...
[EXPL] PHP-Fusion Accessible Database Backups Download (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
PHP-Fusion <= 6.00.105 Accessible Database Backups Download Exploit
Exploit for unknown platform in category web applications =================================================================== PHP-Fusion = 6.00.105 Accessible Database Backups Download Exploit =================================================================== !/usr/bin/perl D A R K A S S A S S I...
CVE-2005-1586
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...
CVE-2005-1586
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to 1 db/users.txt, 2 db/banList.txt, 3 db/censureWords.txt, or ...
CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusionadmin/dbbackups directory to world read/write/execute 777, which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator userna...
Asante FM2008 10/100 Ethernet switch backdoor login
The Asante FM2008 is an 8 port managed Ethernet 10/100 switch. It may be managed, like many others in its device class, by Telnet, by serial port, by HTTP, or by SNMP. Also like most similar devices, the serial port, HTTP, and Telnet access methods require one to provide username/password...
nwclient -- multiple vulnerabilities
Insecure file permissions, network access control and DNS usage put systems that use Legato NetWorker at risk. When the software is running, several files that contain sensitive information are created with insecure permissions. The information exposed include passwords and can therefore be used...