Lucene search

869 matches found

exploitpack
added 2008/09/30 12:0 a.m., 17 views

Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage

Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage source: https://www.securityfocus.com/bid/31499/info Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains. UPDATE December 19, 2008: The initial proposed...

AI score: 7.4
Exploits: 0
Prion
added 2008/06/04 8:32 p.m., 16 views

Improper access control

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

CVSS: 5, AI score: 7, EPSS: 0.11367
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2008/06/04 8:32 p.m., 31 views

CVE-2008-2402

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

CVSS: 5, AI score: 6.4, EPSS: 0.11367
Exploits: 1, References: 7
CVE
added 2008/06/04 8:0 p.m., 50 views

CVE-2008-2402

CVE-2008-2402 involves Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The Admin Server stores sensitive information under the web root with insufficient access control, allowing remote attackers to read password hashes and configuration data via direct requests for unspecified d...

CVSS: 5, AI score: 6.4, EPSS: 0.11367
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2008/06/04 8:0 p.m., 33 views

CVE-2008-2402

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

AI score: 6.4, EPSS: 0.11367
Exploits: 1, References: 7
NVD
added 2007/08/13 9:17 p.m., 18 views

CVE-2007-4319

The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF;...

CVSS: 4, AI score: 6.3, EPSS: 0.01361
Exploits: 1, References: 6
Prion
added 2007/08/13 9:17 p.m., 20 views

Cross site scripting

The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF;...

CVSS: 4, AI score: 6.9, EPSS: 0.01361
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2007/07/31 10:17 a.m., 15 views

CVE-2007-4113

Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...

CVSS: 3.5, AI score: 6.1, EPSS: 0.00924
Exploits: 1, References: 4
Prion
added 2007/07/31 10:17 a.m., 15 views

Default configuration

Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...

CVSS: 3.5, AI score: 6.6, EPSS: 0.00924
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2007/07/31 10:0 a.m., 50 views

CVE-2007-4113

Summary: CVE-2007-4113 affects the Advanced Webhost Billing System (AWBS) prior to version 2.6.0. The vulnerability allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors. The provided documents do not specify the exact attack vector, ...

CVSS: 3.5, AI score: 6.1, EPSS: 0.00924
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2007/07/31 10:0 a.m., 21 views

CVE-2007-4113

Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...

AI score: 6.1, EPSS: 0.00924
Exploits: 1, References: 4
securityvulns
added 2007/07/15 12:0 a.m., 26 views

eSoft InstaGate EX2 UTM cross-site forgery

It's possible to submit the form with configuration data...

AI score: 2.2
Exploits: 0, References: 1
seebug.org
added 2007/05/08 12:0 a.m., 15 views

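VMware Multiple Denial-of-Service Vulnerabilities

VMWare is virtual PC software that allows two or more Windows, DOS, or Linux systems to run simultaneously on one machine. VMWare contains multiple denial-of-service vulnerabilities, as follows: 1. The ACPI implementation in the virtual machine process (VMX) has an error when collecting information about the running state of the virtual machine, which may cause the process to read an invalid memory location. 2. An error when VMX stores certain malformed configuration data may cause a denial of service in the guest operating system. 3. A vulnerability in the handling of general protection faults (GPF) in Windows guest operating systems may cause the Windows virtual machine to crash. 4. Debugging applications in a 64-bit Windows guest operating system on a 64-bit host system may result in a corrupted stack pointer or a kernel bugcheck. VMWar...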

AI score: 7.1
Exploits: 0
securityvulns
added 2007/05/08 12:0 a.m., 71 views

VMSA-2007-0004 Multiple Denial-of-Service issues fixed

VMware Security Advisory. Advisory ID: VMSA-2007-0004. Synopsis: Multiple Denial-of-Service issues fixed. Issue date: 2007-05-04. Updated on: 2007-05-04. CVE numbers: CVE-2007-1069...

CVSS: 7.8, AI score: 6.2, EPSS: 0.01983
Exploits: 1
Cvelist
added 2007/04/10 11:0 p.m., 26 views

CVE-2007-1914

The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague...

AI score: 5.9, EPSS: 0.01745
Exploits: 0, References: 7
NVD
added 2007/03/21 11:19 p.m., 15 views

CVE-2007-1585

The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party...

CVSS: 5, AI score: 6.3, EPSS: 0.01256
Exploits: 0, References: 5
Prion
added 2007/01/26 1:28 a.m., 15 views

Information disclosure

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser session...

CVSS: 9, AI score: 7.2, EPSS: 0.04349
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2006/06/28 10:0 p.m., 25 views

CVE-2006-3285

The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.251 uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data aka bugs CSCsd15955...

AI score: 6.4, EPSS: 0.02632
Exploits: 0, References: 7
securityvulns
added 2005/01/22 12:0 a.m., 33 views

3COM OfficeConnect Wireless 11g AP wireless access point unauthorized access

It's possible to access configuration data including cleartext passwords without any authentication...

AI score: 3.9
Exploits: 0, References: 1
securityvulns
added 2003/07/25 12:0 a.m., 25 views

Oracle E-Business Suite multiple bugs

Buffer overflow in FNDWRR CGI. Unauthorized access to configuration data...

AI score: 4.3
Exploits: 0, References: 2, Affected Software: 1