1445 matches found
CVE-2007-3483
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware...
Grandstream Budge Tone-200 IP Phone - Digest domain Denial of Service
!/usr/bin/perl MADYNES Security Advisory http://madynes.loria.fr Title: Grandstream Budge Tone-200 denial of service vulnerability Release Date: 21/03/2007 Severity: High - Denial of Service Advisory ID:KIPH3 Hardware: Grandstream Budge Tone-200 IP Phone...
DEBIAN-CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
CVE-2007-1338
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected...
Default configuration
The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data...
CVE-2007-1184
The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data...
PT-2007-2464 · Red Hat · Jboss
Name of the Vulnerable Software and Affected Versions: JBoss affected versions not specified Description: The default configuration of JBoss does not restrict access to the console and web management interfaces, allowing remote attackers to bypass authentication and gain administrative access...
[Full-disclosure] Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration Document ID: 70650 Advisory ID: cisco-sa-20060712-crws http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml Revision 1.0 For Public Release 2006...
USN-308-1: shadow vulnerability
Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...
Re[2]: The Weakness of Windows Impersonation Model
thanks for reference David. As advisory notes impersonation implications are not something new. We would like to stress the fact of how easy it is to exploit by two notable samples. - An attacker can reliably elevate a context running on behalf of Network Service acccount. For example, by default...
Cisco Application Velocity System TCP port relaying
Default configuration allows any TCP port to be accessed with transparent HTTP proxy request...
Default configuration
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service traffic amplification via DNS queries with...
DEBIAN-CVE-2006-0987
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service traffic amplification via DNS queries with...
Default configuration
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote...
CVE-2006-0642
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote...
Default configuration
The default configuration of the America Online AOL client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program...
Design/Logic Flaw
The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information login credentials via a direct request. NOTE: It was later reported that 1.1.2 is also affected...
CVE-2006-0352
The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information login credentials via a direct request. NOTE: It was later reported that 1.1.2 is also affected...
Oracle 9i Application Server SOAP Default Configuration Vulnerability - Active Check
In a default installation of Oracle 9i Application Server AS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. SPDX-FileCopyrightText: 2003 Javier Fernandez-Sanguino Some text descriptions might be excerpted from a referenced sources, and a...
[Full-disclosure] ELSA Lancom Router Discloses the Administrator Password to Remote Users
It is reported that the default configuration allows a remote user to connect to the router via port 80 with a web browser and obtain the remote access password, which is apparently stored in clear text. The remote user can also change the router's configuration and can remotely upgrade the...