862 matches found
CVE-2012-0863
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file...
CVE-2012-0863
CVE-2012-0863 affects Mumble up through version 1.2.3 where the client stores its data in the file ~/.local/share/data/Mumble/.mumble.sqlite with world-readable permissions. This allows a local attacker to read the database and obtain cleartext passwords and configuration data. Multiple distribut...
Fedora Update for xkeyboard-config FEDORA-2012-0709
Check for the Version of xkeyboard-config. OpenVAS Vulnerability Test: Fedora Update for xkeyboard-config FEDORA-2012-0709. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...
[SECURITY] Fedora 15 Update: xkeyboard-config-2.3-3.fc15
This package contains configuration data used by the X Keyboard Extension (XKB), which allows selection of keyboard layouts when using a graphical interface...
Integer overflow
Integer overflow in the loadiface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow...
CVE-2009-2856
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the...
CVE-2009-2160
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php...
Design/Logic Flaw
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3)...
CVE-2009-0507
The CVE-2009-0507 entry concerns IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1. The vulnerability arises because the administrative console’s export of the cluster configuration file does not properly restrict configuration data, enabling remote authenticated user...
Hedgehog-CMS 1.21 (LFI) Remote Command Execution Exploit
No description provided by source.
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass
Exploit for hardware platform in category remote exploits. Original Advisory:...
Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage
Source: https://www.securityfocus.com/bid/31499/info Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains. UPDATE December 19, 2008: The initial proposed...
Improper access control
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...
CVE-2008-2402
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...
CVE-2008-2402
CVE-2008-2402 involves Sun Java System Active Server Pages (ASP) Server prior to 4.0.3. The Admin Server stores sensitive information under the web root with insufficient access control, allowing remote attackers to read password hashes and configuration data via direct requests for unspecified d...
Cross site scripting
The management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF;...
CVE-2007-4319
The management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF;...