2872 matches found

securityvulns
added 2005/05/14 12:0 a.m. | 574 views

PHPHeaven PHPMyChat Cross-site Scripting Vulnerability

www.phpheaven.net/ Vulnerable versions: PHPMyChat 0.14.5 Proof of concept: http://www.example.com/chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=scriptvar20test=1;alerttest;/script...

0.4 AI score
Exploits 0
Cvelist
added 2005/05/10 4:0 a.m. | 22 views

CVE-2004-2049

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access...

6.7 AI score | 0.00355 EPSS
Exploits 0 | References 6
NVD
added 2005/05/02 4:0 a.m. | 17 views

CVE-2005-1177

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact...

10 CVSS | 6.5 AI score | 0.01776 EPSS
Exploits 0 | References 4
UbuntuCve
added 2005/05/02 4:0 a.m. | 21 views

CVE-2005-0070

Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files...

7.2 CVSS | 6 AI score | 0.00369 EPSS
Exploits 0 | References 1
UbuntuCve
added 2005/05/02 4:0 a.m. | 28 views

CVE-2005-1177

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact...

10 CVSS | 5.9 AI score | 0.01776 EPSS
Exploits 0 | References 1
Cvelist
added 2005/04/19 4:0 a.m. | 24 views

CVE-2005-1177

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact...

6.5 AI score | 0.01776 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2005/04/04 12:0 a.m. | 14 views

Bakbone NetVault Multiple Vulnerabilities

Binary data 2784.prm...

10 CVSS | 7.3 AI score | 0.57017 EPSS
Exploits 8 | References 7
CVE
added 2005/03/13 5:0 a.m. | 48 views

CVE-2002-1595

The CVE-2002-1595 entry concerns Cisco SN 5420 Storage Router (version 1.1(5) and earlier). The vulnerability allows an attacker to read configuration files without authorization via network access (attack vector: network; authentication: none; impact: partial confidentiality). The NVD entry assi...

5 CVSS | 6.5 AI score | 0.02126 EPSS
Exploits 0 | References 4 | Affected Software 1
securityvulns
added 2005/02/28 12:0 a.m. | 30 views

[Full-Disclosure] [USN-88-1] reportbug information disclosure

Ubuntu Security Notice USN-88-1 February 28, 2005 reportbug information disclosure https://bugzilla.ubuntulinux.org/6600 https://bugzilla.ubuntulinux.org/6717 A security issue...

7.1 AI score
Exploits 0
securityvulns
added 2005/02/28 12:0 a.m. | 41 views

iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability

KPPP Privileged File Descriptor Leak Vulnerability iDEFENSE Security Advisory 02.28.05 www.idefense.com/application/poi/display?id=208&type=vulnerabilities February 28, 2005 I. BACKGROUND KPPP is a dialer and front end for pppd. It allows for interactive script generation and network setup. More...

4.6 CVSS | 0.9 AI score | 0.0036 EPSS
Exploits 0
Debian CVE
added 2005/02/16 5:0 a.m. | 13 views

CVE-2005-0070

Removed by vendor...

7.2 CVSS | 6.7 AI score | 0.00369 EPSS
Exploits 0
OSV
added 2005/02/14 12:0 a.m. | 17 views

DSA-681-1 synaesthesia - privilege escalation

Bulletin has no description...

7.2 CVSS | 6.2 AI score | 0.00369 EPSS
Exploits 0
Tenable Nessus
added 2005/01/13 12:0 a.m. | 26 views

IlohaMail Configuration Scripts Remote Disclosure

The remote host is running Ilohamail, a web-based mail interface written in PHP. The remote installation of this software is not configured properly, in the sense that it allows any user to download its configuration files by requesting the '/conf/conf.inc' or '/conf/customauth.inc' file. The...

5.6 AI score
Exploits 0 | References 1
Tenable Nessus
added 2005/01/12 12:0 a.m. | 24 views

IlohaMail Multiple Configuration Files Remote Information Disclosure

The target is running at least one instance of IlohaMail that allows anyone to retrieve its configuration files over the web. These files may contain sensitive information. For example, conf/conf.inc may hold a username / password used for SMTP authentication. %NASLMINLEVEL 70300 This script was...

5.5 AI score
Exploits 0 | References 1
NVD
added 2004/12/31 5:0 a.m. | 17 views

CVE-2004-2049

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access...

4.6 CVSS | 6.8 AI score | 0.00355 EPSS
Exploits 0 | References 6
ATTACKERKB
added 2004/12/31 5:0 a.m. | 3 views

CVE-2004-2323

DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config...

5 CVSS | 5.7 AI score | 0.014 EPSS
Exploits 0 | References 6
Atlassian
added 2004/11/14 11:3 p.m. | 29 views

Encrypt all passwords stored on the file system

Passwords are not encrypted in confluence-mail.cfg.xml nor in confluence.cfg.xml; they should be. Resolve an encryption scheme for anything requiring security stored on the file system...

1.5 AI score
Exploits 0 | Affected Software 1
Tenable Nessus
added 2004/07/06 12:0 a.m. | 30 views

RHEL 2.1 : apache (RHSA-2003:360)

Updated Apache packages that fix a minor security issue are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in...

7.2 CVSS | 5.9 AI score | 0.1273 EPSS
Exploits 0 | References 4
securityvulns
added 2004/04/14 12:0 a.m. | 43 views

Server Alive weak password encryption

Product Description : Servers Alive is an end-to-end network monitor program. Among the many checks it can do: it can monitor any Winsock service, ping a host, check if an NT service/process is running, check the available disk space on a server, retrieve an URL, check your database engine, and...

0.5 AI score
Exploits 0
securityvulns
added 2004/02/03 12:0 a.m. | 37 views

BUG IN APACHE HTTPD SERVER (current version 2.0.47)

APACHE HTTPD SERVER current version 2.0.47: How to return files in a Apache Deny All directory. The Directives controlling host access may be bypassed even if they have not permission to be override. 11 Jan 2004 DESCRIPTION Apache Web Server allows manage configurations via the main httpd.conf...

7.8 AI score
Exploits 0