2865 matches found
CVE-2007-5358
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow 1 remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or 2 local users to execute arbitrary code via a long...
CVE-2007-5358
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow 1 remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or 2 local users to execute arbitrary code via a long...
CVE-2007-5358
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow 1 remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or 2 local users to execute arbitrary code via a long...
AST-2007-022: Buffer overflows in voicemail when using IMAP storage
Asterisk Project Security Advisory - AST-2007-022 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Buffer overflows in voicemail when using IMAP | | | storage |...
EZPhotoSales Multiple Configuration Files Remote Information Disclosure
The remote host is running EZPhotoSales, a web-based photo gallery application for photographers written in PHP. The version of EZPhotoSales installed on the remote host fails to restrict access to configuration files used by the application. An unauthenticated, remote attacker can leverage this...
Design/Logic Flaw
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...
CVE-2007-0042
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...
CVE-2007-0042
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...
Information disclosure
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information...
CVE-2007-2700
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information...
CVE-2007-2700
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information...
Design/Logic Flaw
Bradford CampusManager Network Control Application Server 3.16 allows remote attackers to obtain sensitive information backup, log, and configuration files via direct request for certain files in 1 /runTime/ or 2 /remediationReports/...
CVE-2007-2147
admin/options.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests...
CVE-2007-2147
admin/options.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests...
CVE-2007-2147
The CVE-2007-2147 entry affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier. The issue is that admin/options.php does not verify administrative credentials, allowing remote attackers to read and modify the configuration files classes/vars.php and classes/varstuff.php via direct requests....
CVE-2006-7142
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive...
CVE-2006-7142
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive...
CVE-2006-7142
The CVE-2006-7142 entry concerns Utimaco Safeguard’s centralized management feature, which stores hard-coded cryptographic keys inside executable binaries for encrypted configuration files. The underlying issue is hard-coded keys that can be extracted from the configuration files, enabling attack...
iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability
Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND Adobe Macromedia ColdFusion is an application server and development framework for websites. More information is...
Buffer overflow
Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...