4598 matches found
Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
source: https://www.securityfocus.com/bid/5226/info BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems. It has been discovered that a request passed to a BadBlue server containing a null byte at the end of a file nam...
CVE-2002-0428
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the toexpire or expire values in the client's users.C configuration file...
CVE-2002-0568
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory...
Cleartext password in Volution Manager
Cleartext password stored in /etc/ldap/slapd.conf...
CVE-2002-0274
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C configuration file and other command line arguments...
QNX RTOS 4.25 - CRTTrap File Disclosure
source: https://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. Local attackers may specify an arbitrary system file in place...
QPopper 4.0.4 buffer overflow
Affected versions 4.0.3 and 4.0.4. default install. Servers, not processing users configuration file /.qpopper-options are insensible to this bug. popbull.c ----------- int CopyOneBull POP p, long bnum, char name FILE bull; char buffer MAXMSGLINELEN ; BOOL inheader = TRUE; BOOL firstline = TRUE;...
Unauthorized remote control access to Funk Proxy
Weak file permissions, a decryptable password and unauthorized access to the configuration file allow an attacker to obtain the administrator's password...
Abyss Web Server 1.0 - File Disclosure
source: https://www.securityfocus.com/bid/4466/info Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux. It is possible for a remote attacker ...
CVE-2002-0137
CVE-2002-0137 affects CDRDAO 1.1.4 and 1.1.5, where a local user can exploit a symlink to overwrite the user’s ~/.cdrdao configuration file and potentially escalate. The Mandrake advisory (MDKSA-2005:089) notes a second vulnerability (read arbitrary files) and confirms that the packages have been...
XDMCP leaks sensitive information by default configuration
Overview: An information leakage vulnerability exists in the default configuration of the X Display Management Console Protocol (XDMCP) daemon. Description: On some operating systems, the X Display Manager Control Protocol (XDMCP) daemon is set to permit remote access to the local machine from any host...
Command execution in phprojekt.
"PHProjekt is a modular application for the coordination of group activities and to share information and documents via intranet and internet. Components of PHProjekt: Group calendar, project management, time card system, file management, contact manager, mail client and 9 other modules ...featur...
CVE-1999-1100
CVE-1999-1100 affects Cisco PIX Private Link 4.1.6 and earlier. The vulnerability arises because certain configuration-file commands cause the DES key length to effectively shrink from 56 bits to 48 bits, easing brute-force key discovery. This is the root cause and the primary impact described in...
CVE-2001-0983
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges...
Cisco SN 5420 Storage Router fails to properly authenticate user before granting read access to configuration file
Overview: It is possible to read the stored configuration file from the Cisco SN 5420 Storage Router without any authorization. This can lead to an intruder gaining access to the storage space on the router. Description: A vulnerability has been discovered in the Cisco SN 5420 Storage Router softwa...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)
source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (4)
source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (1)
source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves its configuration to the .cdrdao file in a user's home directory,...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (3)
source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...
Weak permissions in Norton Antivirus
The configuration file with shared settings is stored in the All Users profile and is writable by the Users group...