2865 matches found
IlohaMail Readable Configuration Files
The target is running at least one instance of IlohaMail that allows anyone to retrieve its configuration files over the web. These files may contain sensitive information. For example, conf/conf.inc may hold a username / password used for SMTP authentication. OpenVAS Vulnerability Test $Id:...
ht://Dig's htsearch reveals web server path
ht://Dig SPDX-FileCopyrightText: 2000 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10385";...
IlohaMail Readable Configuration Files
The target is running at least one instance of IlohaMail that allows anyone to retrieve its configuration files over the web. These files may contain sensitive information. For example, conf/conf.inc may hold a username / password used for SMTP authentication. SPDX-FileCopyrightText: 2005 George ...
CVE-2005-3088
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...
CVE-2005-3088
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...
CVE-2005-3088
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'registerglobals' setting is...
CVE-2004-2323
DotNetNuke (formerly IBuySpy Workshop) 1.0.6–1.0.10d is affected. A remote attacker can obtain sensitive information, including the SQL server username and password, by performing a GET request for source or configuration files such as Web.config. This vulnerability exposes credentials and arises...
Low security hole affecting Mentor's ADSLFR4II router
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've found a number of low risk issues with Mentor's ADSLFR4II router. I initially spoke to them on the 20th July, passing them full details of my findings on the 21st of July. I then emailed them again on the 4th of August asking for an update and...
CVE-2005-2285
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration...
CVE-2005-2285
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration...
Oracle JDeveloper Plaintext Passwords
Name Oracle JDeveloper Plaintext Passwords Systems Affected Oracle JDeveloper 9.0.4, 9.0.5, 10.1.2 Severity Low Risk Category Information Disclosure of Passwords Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 13 July 2005 V 1.00 Advisory...
qpopper -- multiple privilege escalation vulnerabilities
Jens Steube reports that qpopper is vulnerable to a privilege escalation vulnerability. qpopper does not properly drop root privileges so that user supplied configuration and trace files can be processed with root privileges. This could allow a local attacker to create or modify arbitrary files...
PHPHeaven PHPMyChat Cross-site Scripting Vulnerablitiy
www.phpheaven.net/ Vulnerable versions: PHPMyChat 0.14.5 Proof of concept: http://www.example.com/chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=scriptvar20test=1;alerttest;/script...
CVE-2004-2049
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access...
CVE-2005-0070
Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files...
CVE-2005-1177
Unknown vulnerability in 1 Webmin and 2 Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact...
CVE-2005-1177
Unknown vulnerability in 1 Webmin and 2 Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact...
CVE-2005-1177
Unknown vulnerability in 1 Webmin and 2 Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact...
Bakbone NetVault Multiple Vulnerabilities
Binary data 2784.prm...