234 matches found
CVE-2008-6999
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
CVE-2009-2648
FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function...
CVE-2009-0507
IBM WebSphere Process Server WPS 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the 1 JMSAPI, 2 ESCALATION, and 3...
CVE-2006-3882
Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
Debian DSA-555-1 : freenet6 - wrong file permissions
Simon Josefsson noticed that the tspc.conf configuration file in freenet6, a client to configure an IPv6 tunnel to freenet6.net, is set world readable. This file can contain the username and the password used to contact the IPv6 tunnelbroker freenet6.net. %NASLMINLEVEL 70300 C Tenable Network...
MailPost discloses sensitive system information when operating in debug mode
Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment.. Description According to the ProCheckUp report, MailPost contains a vulnerabilit...
[Full-Disclosure] Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning
Good morning list, ,--. ,--. /-- / ======================================================= ' a a ======== 1. Posfix 1.1.12 remote DoS CAN-2003-0540 . ,---. , ========================================================oo'========= There is a remotely exploitable denial of service vulnerability in...
EmuMail 5.0 - Web Root Full Path Disclosure
EmuMail 5.0 - Web Root Full Path Disclosure source: https://www.securityfocus.com/bid/5823/info Emumail is an open source web mail application. It is available for the Unix, Linux, and Microsoft Windows operating systems. Under some conditions, Emumail may reveal sensitive configuration...
VP-ASP shopping cart software.
NOTE: Please Just ignore the tags, there just notes ect. to make a .txt document a little more readable, or not. short Several security issues in the VP-ASP shopping cart software dotPath Information Disclosure Vulnerability. dotInsecure perrmissions on configuration file. /short synopsis -Defaul...
Security Advisory: Multiple Vulnerabilities in Cisco SN 5420 Storage Router
-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Multiple Vulnerabilities in Cisco SN 5420 Storage Routers Revision 1.0 For Public Release 2002 January 09 08:00 UTC -0800 Summary Three vulnerabilities have been discovered in Cisco SN 5420 Storage Router software releases up to and...
CVE-2000-0254
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables...
NAI WebShield SMTP GET_CONFIG Information Disclosure
The remote NAI WebShield SMTP Management tool gives away its configuration when it is issued the command : GETCONFIG This may be of some use to an attacker to gain more knowledge about this system. C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10424; scriptversion...
CVE-1999-0678
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server...
tigris-rat-access.txt
Date: Sun, 3 Jan 1999 00:55:22 +1100 From: Robert Thomas To: [email protected] Subject: ACC's 'Tigris' Access Terminal server security vunerability.. ACC link - http://www.acc.com have been aware of this flaw for 3 months now, so I'm not springing this on them unaware. Just so you know 8- OS...