Easy File Sharing Web Server 1.2 - Information Disclosure
Easy File Sharing Web Server 1.2 - Information Disclosure source: https://www.securityfocus.com/bid/8777/info Easy File Sharing Web Server has been reported prone to an information disclosure vulnerability. The issue presents itself due to insecure default permissions set on folders that contain...
Easy File Sharing Web Server 1.2 - Information Disclosure
source: https://www.securityfocus.com/bid/8777/info Easy File Sharing Web Server has been reported prone to an information disclosure vulnerability. The issue presents itself due to insecure default permissions set on folders that contain Easy File Sharing Web Server log and configuration files. ...
RealPlayer 9 *nix Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits. RealPlayer 9 *nix Local Privilege Escalation Exploit / rp9-priv-esc.c A local privilege escalation attack against the community supported...
RealPlayer 9 *nix - Local Privilege Escalation
RealPlayer 9 *nix - Local Privilege Escalation / rp9-priv-esc.c A local privilege escalation attack against the community supported version of Real.com's Realplayer, version 9. Written by: Jon Hart warchild spoofed.org By default, configuration files are stored in $USER/.realnetworks/, but all the...
RealOne Player for Linux 2.2 Alpha - Insecure Configuration File Permission Privilege Escalation
RealOne Player for Linux 2.2 Alpha - Insecure Configuration File Permission Privilege Escalation // source: https://www.securityfocus.com/bid/8571/info The configuration files for the RealOne Player are installed in a hidden folder in a user's home directory. The issue presents itself, because...
[Full-Disclosure] RealOne Player local privilege escalation
Greetings, RealOne Player for the UNIX platform, sometimes referred to as the "community supported" realplayer version 9, installs per-user configuration files with group write permissions by default. On most UNIX variants, this is a serious issue as most users belong to the same group and...
Asus AAM6000EV unauthorized web access
It's possible to obtain configuration files through the web interface...
Mike Bobbitt Album.PL 0.61 - Remote Command Execution
source: https://www.securityfocus.com/bid/7444/info A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. The precise technical details of this vulnerability are currently unknown. This BID will be...
Oracle 9iAS XSQLServlet soapConfig.xml Authentication Credentials Disclosure
In a default installation of Oracle 9iAS v.1.0.2.2.1, it is possible to access some configuration files. These files include detailed information on how the product was installed on the server including where the SOAP provider and service manager are located as well as administrative URLs to acce...
FreeNews & News Evolution (PHP)
Information. Problem: Include files. (a) Product: Freenews, Version: 2.1, Website: http://www.prologin.fr. (b) Product: News Evolution, Versions: 1.0, 2.0, Website: http://www.phpevolution.net. PHP...
CVE-2002-0568
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory...
CVE-2002-0569
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet)...
CVE-2001-1258
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server...
CVE-2001-1258
CVE-2001-1258 affects the Horde IMP before 2.2.6. According to the Debian DSA-073-1 advisory and related sources, a hostile user who can place a publicly readable prefs.lang file on the Apache/PHP server can have that file executed as PHP code, enabling access to config data and potentially the H...
CVE-2002-0103
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml...
Weak permissions in PaintBBS (weak permissions)
Configuration files are open for writing and reading...
Local problems with UUCP (privilege escalation)
It is possible to run uucp with a user-specified configuration file and euid uucp. In addition, there are weak permissions on /usr/lib/uucp in some distributions...
CVE-2002-1595
Cisco SN 5420 Storage Router 1.15 and earlier allows attackers to read configuration files without authorization...
IRM Security Advisory 002: Netware Web Server Source Disclosure
IRM Security Advisory No. 002 Netware Web Server 5.1 Sample Page Source Disclosure Vulnerability Type / Importance: Information Leakage / High Problem discovered: November 18th 2001...
CVE-2001-0713
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that ar...