4598 matches found
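IM+ Local Plaintext Username and Password Disclosure Vulnerability
IM+ is an instant messaging application that lets users connect to multiple instant messaging accounts at the same time. IM+ has a vulnerability in how it stores usernames and passwords, which a local attacker could exploit to easily obtain authentication information. IM+ does not use any security measures or encryption to protect the usernames and passwords of instant messaging accounts. A malicious user can obtain the implus.cfg file from the \Program Files\IMPlus directory, open it with a text editor, and view all account information, including the plaintext usernames and passwords. SHAPE Services IM+ v3.10 for Pocket PC We recommend that users of this software watch the vendor's home page for the latest version:...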
Debian DSA-1062-1 : kphone - insecure file creation
Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a configuration file world-readable, which could leak sensitive information like SIP passwords. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
CVE-2006-4674
Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...
Joomla Kochsuite Component <= 0.9.4 Remote File Include Vulnerability
No description provided by source. insecurity research team advisory, 18.o8.2oo6. Affected Application: Kochsuite v0.9.4 Mambo/Joomla CMS Component...
barracudeArbitrary.txt
Title: Barracuda Arbitrary File Disclosure Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 29 May 2006 Overview: Barracuda Spam...
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)
Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 29 May 2006 Overview:...
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution 1 Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair...
Barracuda Spam Firewall <= 3.3.03.053 Remote Code Execution
No description provided by source. Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected]...
PT-2006-4361 · Oracle · Mysql Server
Name of the Vulnerable Software and Affected Versions: MySQL versions prior to 5.0.23 MySQL versions prior to 5.1.12 Description: The issue is related to an off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager. This...
CVE-2006-3413
The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information...
CentOS 3 / 4 : sysreport (CESA-2005:502)
An updated sysreport package that fixes an information disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Sysreport is a utility that gathers information about a system's hardware and configuration. The information...
iPlanet.txt
Summary ---------------- Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure
Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messagi...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure
Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a centralized location for...
KDE kdm symbolic links problem
A suid root application tries to read configuration from the /.dmrc file without checking for symbolic links. This makes it possible to read a few strings from any file through a symbolic link...
[Full-disclosure] Sun iPlanet Messaging Server 5.2 root password compromise
Summary ---------------- Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a...
CVE-2006-2752
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc RedCarpet password...
Design/Logic Flaw
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc RedCarpet password...
CVE-2006-2752
The CVE-2006-2752 entry concerns the RedCarpet credentials file /etc/ximian/rcd.conf on Novell Linux Desktop 9 and SUSE SLES 9, where world-readable permissions expose the rc (RedCarpet) password. Affected components: the rc configuration file in the RedCarpet component. Root cause: file permissi...
CVE-2006-2752
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc RedCarpet password...