Lucene search
K

1445 matches found

NVD
NVD
added 2007/06/28 8:30 p.m.14 views

CVE-2007-3483

Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware...

10CVSS6.7AI score0.01446EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2007/03/21 12:0 a.m.40 views

Grandstream Budge Tone-200 IP Phone - Digest domain Denial of Service

!/usr/bin/perl MADYNES Security Advisory http://madynes.loria.fr Title: Grandstream Budge Tone-200 denial of service vulnerability Release Date: 21/03/2007 Severity: High - Denial of Service Advisory ID:KIPH3 Hardware: Grandstream Budge Tone-200 IP Phone...

7.4AI score
Exploits0
OSV
OSV
added 2007/03/20 10:19 a.m.3 views

DEBIAN-CVE-2007-1507

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...

7.5CVSS6.6AI score0.02522EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/03/07 11:0 p.m.21 views

CVE-2007-1338

The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected...

6.3AI score0.02659EPSS
Exploits0References8
Prion
Prion
added 2007/03/02 9:18 p.m.16 views

Default configuration

The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data...

5CVSS7AI score0.01047EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.2 views

CVE-2007-1184

The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data...

5CVSS5.5AI score0.01047EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2007/02/21 12:0 a.m.7 views

PT-2007-2464 · Red Hat · Jboss

Name of the Vulnerable Software and Affected Versions: JBoss affected versions not specified Description: The default configuration of JBoss does not restrict access to the console and web management interfaces, allowing remote attackers to bypass authentication and gain administrative access...

7.5CVSS7.6AI score0.81775EPSS
Exploits5References17
securityvulns
securityvulns
added 2006/07/12 12:0 a.m.39 views

[Full-disclosure] Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Document ID: 70650 Advisory ID: cisco-sa-20060712-crws http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml Revision 1.0 For Public Release 2006...

0.4AI score
Exploits0
Ubuntu
Ubuntu
added 2006/07/06 7:29 a.m.41 views

USN-308-1: shadow vulnerability

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...

7.2CVSS5.5AI score0.00341EPSS
Exploits0
securityvulns
securityvulns
added 2006/05/20 12:0 a.m.39 views

Re[2]: The Weakness of Windows Impersonation Model

thanks for reference David. As advisory notes impersonation implications are not something new. We would like to stress the fact of how easy it is to exploit by two notable samples. - An attacker can reliably elevate a context running on behalf of Network Service acccount. For example, by default...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/05/11 12:0 a.m.48 views

Cisco Application Velocity System TCP port relaying

Default configuration allows any TCP port to be accessed with transparent HTTP proxy request...

1.4AI score
Exploits0References1Affected Software2
Prion
Prion
added 2006/03/03 11:2 a.m.41 views

Default configuration

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service traffic amplification via DNS queries with...

5CVSS6.8AI score0.5726EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2006/03/03 11:2 a.m.3 views

DEBIAN-CVE-2006-0987

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service traffic amplification via DNS queries with...

5CVSS6.9AI score0.5726EPSS
Exploits2References1
Prion
Prion
added 2006/02/10 11:2 a.m.21 views

Default configuration

Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote...

5.1CVSS7.3AI score0.01874EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2006/02/10 11:2 a.m.16 views

CVE-2006-0642

Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote...

5.1CVSS6.8AI score0.01874EPSS
Exploits0References9
Prion
Prion
added 2006/02/02 11:2 a.m.22 views

Default configuration

The default configuration of the America Online AOL client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program...

7.2CVSS7AI score0.00358EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2006/01/21 1:3 a.m.17 views

Design/Logic Flaw

The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information login credentials via a direct request. NOTE: It was later reported that 1.1.2 is also affected...

5CVSS6.7AI score0.01425EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2006/01/21 1:3 a.m.10 views

CVE-2006-0352

The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information login credentials via a direct request. NOTE: It was later reported that 1.1.2 is also affected...

5CVSS6.2AI score0.01425EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.625 views

Oracle 9i Application Server SOAP Default Configuration Vulnerability - Active Check

In a default installation of Oracle 9i Application Server AS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. SPDX-FileCopyrightText: 2003 Javier Fernandez-Sanguino Some text descriptions might be excerpted from a referenced sources, and a...

7.5CVSS5.3AI score0.12299EPSS
Exploits1References5
securityvulns
securityvulns
added 2005/08/31 12:0 a.m.25 views

[Full-disclosure] ELSA Lancom Router Discloses the Administrator Password to Remote Users

It is reported that the default configuration allows a remote user to connect to the router via port 80 with a web browser and obtain the remote access password, which is apparently stored in clear text. The remote user can also change the router's configuration and can remotely upgrade the...

2.4AI score
Exploits0
Rows per page
Query Builder