CVE-2000-0018

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file...

CVE-1999-1549

Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands...

CVE-1999-1344

AutoFTP.pl script in AutoFTP 0.2 stores usernames and passwords in plaintext in the autoftp.conf configuration file...

realserver.passwd.txt

Date: Wed, 14 Apr 1999 10:45:50 +0200 From: Francisco M. Marzoa Alonso To: [email protected] Subject: Real Media Server stores passwords in plain text My real media server information: fmmarzoa@alexander:/usr/local/rserver/Bin rmserver -version Creating Server Space... Starting RealServer 6.0...

pegasus.mail.passwd.txt

Date: Sat, 15 May 1999 12:42:12 +0000 From: galldor To: [email protected] Subject: Pegasus Mail weak encryption --------------------------------------------------------------------- Pegasus Mail Weak Encryption Versions Effected: ALL but I wrote about the V2 encryption on 3.0+ Bug Found by:...

CVE-1999-0754

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable...

Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information

source: https://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive information pertaining to an SQL database. The AdSamples directory is a part of the Ad...

Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information

Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information source: https://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive...

CVE-1999-1323

Norton AntiVirus for Internet Email Gateways NAVIEG 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange NAVMSE 1.5 and earlier, store the administrator password in cleartext in 1 the navieg.ini file for NAVIEG, and 2 the ModifyPassword registry key in NAVMSE...

CVE-1999-1229

Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file...

CVE-1999-1125

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file...

CVE-1999-1296

Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRBCONF environmental variable...

CVE-2024-36081

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...