2865 matches found
CVE-2008-2717
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multipl...
msearch directory traversal vulnerability
Overview: msearch, a full-text search engine for web sites, contains a directory traversal vulnerability when used on Windows and Linux servers. Impact: A remote attacker could view msearch configuration files, index files, and other files written in the same format as these files. Solution: None...
CVE-2008-0167
The writearrayfile function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances...
Aztech ADSL2/2+ 4 Port default password
Playing around with the configuration files will reveal... even though the admin account's password has been changed, there is still another administrative account buried in there. username: isp password: isp Sneaks one past [email protected] http://www.elitter.net...
Debian DSA-1525-1 : asterisk - several vulnerabilities
Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6430: Tilghman Lesher discovered that database-based registrations are insufficiently validate...
[SECURITY] Fedora 7 Update: openldap-2.3.34-6.fc7
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain...
OZJournals 2.1.1 - id File Disclosure
OZJournals 2.1.1 - id File Disclosure Name: OZJournals 2.1.1 Website: http://www.aqonlinenetworks.com/ Vulnerability type: Local File Exposure Author: shinmai, 2008-01-21 Description: OZJournals uses .php-files as its storage, and posts are read from them with the getcontents-function. This...
Debian Security Advisory DSA 1075-1 (awstats)
The remote host is missing an update to awstats announced via advisory DSA 1075-1. Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though, this bug was referenced in DS...
Debian: Security Advisory (DSA-681-1)
The remote host is missing an update for the Debian...
Analysis of Linux backdoor techniques and practices
Page 1 of: Analysis of Linux backdoor techniques and practice methods. Backdoor introduction: A backdoor is a technique an intruder uses, after gaining complete control of a system, to make it easier to get in and use the system next time. Generally by modifying system configuration files and installation of...
GLSA-200712-11 : Portage: Information disclosure
The remote host is affected by the vulnerability described in GLSA-200712-11 Portage: Information disclosure Mike Frysinger reported that the 'etc-update' utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a...
[ GLSA 200712-11 ] Portage: Information disclosure
Gentoo Linux Security Advisory GLSA 200712-11 http://security.gentoo.org/ ...
Portage: Information disclosure
Background: Portage is the default Gentoo package management system. Description: Mike Frysinger reported that the "etc-update" utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a default setup. Impact: A local...
Information disclosure
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information...
CVE-2007-6267
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information...
CVE-2007-6267
CVE-2007-6267 affects Citrix EdgeSight components: Presentation Server (4.2/4.5), Endpoints (4.2/4.5), and NetScaler EdgeSight (1.0/1.1). The root cause is improper storage of database credentials in configuration files, enabling local users to obtain sensitive information. The available sources ...
Buffer overflow
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long...