2872 matches found
PHPHeaven PHPMyChat Cross-site Scripting Vulnerability
www.phpheaven.net/ Vulnerable versions: PHPMyChat 0.14.5 Proof of concept: http://www.example.com/chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=scriptvar20test=1;alerttest;/script...
CVE-2004-2049
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access...
CVE-2005-1177
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact...
CVE-2005-0070
Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files...
Bakbone NetVault Multiple Vulnerabilities
Binary data 2784.prm...
CVE-2002-1595
The CVE-2002-1595 entry concerns Cisco SN 5420 Storage Router (version 1.1(5) and earlier). The vulnerability allows an attacker to read configuration files without authorization via network access (attack vector: network; authentication: none; impact: partial confidentiality). The NVD entry assi...
[Full-Disclosure] [USN-88-1] reportbug information disclosure
Ubuntu Security Notice USN-88-1, February 28, 2005: reportbug information disclosure. https://bugzilla.ubuntulinux.org/6600 https://bugzilla.ubuntulinux.org/6717 A security issue...
iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability
KPPP Privileged File Descriptor Leak Vulnerability iDEFENSE Security Advisory 02.28.05 www.idefense.com/application/poi/display?id=208&type=vulnerabilities February 28, 2005 I. BACKGROUND KPPP is a dialer and front end for pppd. It allows for interactive script generation and network setup. More...
CVE-2005-0070
Removed by vendor...
DSA-681-1 synaesthesia - privilege escalation
Bulletin has no description...
IlohaMail Configuration Scripts Remote Disclosure
The remote host is running IlohaMail, a web-based mail interface written in PHP. The remote installation of this software is not configured properly: it allows any user to download its configuration files by requesting the '/conf/conf.inc' or '/conf/customauth.inc' file. The...
IlohaMail Multiple Configuration Files Remote Information Disclosure
The target is running at least one instance of IlohaMail that allows anyone to retrieve its configuration files over the web. These files may contain sensitive information. For example, conf/conf.inc may hold a username / password used for SMTP authentication. This script was...
CVE-2004-2323
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...
Encrypt all passwords stored on the file system
Passwords are not encrypted in confluence-mail.cfg.xml nor in confluence.cfg.xml; they should be. Resolve an encryption scheme for anything requiring security stored on the file system...
RHEL 2.1 : apache (RHSA-2003:360)
Updated Apache packages that fix a minor security issue are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in...
Server Alive weak password encryption
Product Description : Servers Alive is an end-to-end network monitor program. Among the many checks it can do: it can monitor any Winsock service, ping a host, check if an NT service/process is running, check the available disk space on a server, retrieve an URL, check your database engine, and...
BUG IN APACHE HTTPD SERVER (current version 2.0.47)
APACHE HTTPD SERVER current version 2.0.47: How to return files in an Apache Deny All directory. The directives controlling host access may be bypassed even if they do not have permission to be overridden. 11 Jan 2004 DESCRIPTION Apache Web Server allows managing configurations via the main httpd.conf...