[Full-disclosure] Password disclosure and remote access in Netcool/NeuSecure Security information management platform

Multiple security information disclosure paths and remote access Netcool/NeuSecure Security information management platform . Cleartext-storage of passwords in the configuration file Cleartext reporting of user password in the log Default backend Mysql database user and remote access. Laxed...

CVE-2004-2164

VP-ASP 5.0 is affected by CVE-2004-2164 due to shoprestoreorder.asp not closing the database connection after restoring a previous order, enabling potential denial of service via resource exhaustion. The available sources describe the impact as a connection consumption issue but do not provide co...

CVE-2005-1997

The CVE-2005-1997 vulnerability affects McGallery 1.1, specifically the show.php component. The issue arises when a modified host parameter enables remote attackers to connect to arbitrary databases or to trigger error conditions that disclose sensitive information. The underlying fault is the ha...

CVE-2004-2164

shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service connection consumption...

New Macromedia Security Zone Bulletin Posted

Security Bulletin MPSB 04-05 Potential Risk in Dreamweaver Remote Database Connectivity Originally posted: April 1, 2004 Last updated: April 1, 2004 Summary: Dreamweaver's remote database connectivity for testing dynamic database-driven websites installs scripts that may reveal DSNs to outside...

dbtools weak encryption

Account for database connection is stored in .mdb file...

CoolForum v 0.5 beta shows content of PHP files

CoolForum v 0.5 beta shows content of PHP files The original document can be found at http://www.securiteinfo.com/attaques/hacking/coolforum05.shtml .oO Overview Oo. CoolForum v 0.5 beta shows PHP content files Discovered on 2002, September, 16th Vendor: http://www.coolforum.net CoolForum v 0.5 i...

CVE-2001-0645

Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to 1 access to the management tier via the "admin" password, or 2 connect to a MySQL ODBC from the management tier using a blank password...

3 phpnuke bugs (2 possibly lead to admin privs)

phpnuke www.phpnuke.org is an opensource webpage portal powers many websites on the net. Version 5.x of phpnuke does not properly check some variables, and is vulnerable to an attack that gives an intruder admin privileges. This is only possible if the intruder knows the database name that phpnuk...

Microsoft ODBC Driver 17 for SQL Server

Product category for MS ODBC Driver 17 for SQL Server...