4598 matches found
Netgear FM114P Wireless Firewall - File Disclosure
source: https://www.securityfocus.com/bid/6807/info Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the /upnp/service directory...
Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion
source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'emailreaderexecuteoneachpage.inc.php' script. Under some...
Cedric Email Reader 0.2/0.3 - Skin Configuration Script Remote File Inclusion
source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. Under some circumstances, it is possible fo...
Critical: Red Hat Security Advisory: openldap security update
Updated OpenLDAP packages are available which fix a number of local and remote buffer overflows in libldap as well as the slapd and slurpd daemons. Additionally, potential issues stemming from using user-specified LDAP configuration files have been addressed. Updated 06 Feb 2003 Added fixed...
Longshine Wireless Access Point Devices Information Disclosure Vulnerability
Description The Longshine LCS-883R-AC-B device will allow tftp connections. An attacker can exploit this vulnerability to connect via tftp to the access point and download the configuration file without any authentication. The configuration file contains sensitive information including the...
CVE-2002-1840
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system...
CVE-2002-1892
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information...
CVE-2002-1279
Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file -C option...
CVE-2002-1279
Removed by vendor...
syslog-ng buffer overflow
Buffer overflow in parsing $HOST variable in configuration file...
TightAuction 3.0 - Config.INC Information Disclosure
source: https://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file config.inc contains sensitive information such as database authentication credentials. It is possible for remote attackers to retrieve this file via a web...
PHPGB 1.1/1.2 - PHP Code Injection
source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure
The remote Trend Micro OfficeScan Corporate Edition (Japanese version: Virus Buster Corporate Edition) web-based management console allows unauthenticated access to files under '/officescan/hotdownload'. Reading the configuration file 'ofcscan.ini' under that location will reveal information about...
CVE-2002-0428
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the toexpire or expire values in the client's users.C configuration file...
iSCSI weak permissions
File /etc/iscsi.conf is open for writing...
CVE-2002-0552
Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other...
CVE-2001-1162
Summary of CVE-2001-1162: A directory traversal flaw in the Samba SMB server permits remote overwriting of files via the NetBIOS name used for a log file. The vulnerability stems from the %m macro in smb.conf, allowing a path like ‘..’ to reference files outside the intended log location. Affecte...