CVE-2007-5816
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page...
Design/Logic Flaw
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php...
Thyme Calendar 1.3 Remote SQL Injection Vulnerability
No description provided by source. Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord (codehook.110mb.com). OVERVIEW AND DEFINITION...
Thyme Calendar 1.3 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Thyme Calendar 1.3 Remote SQL Injection Vulnerability. Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord...
Thyme Calendar 1.3 - SQL Injection
Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord (codehook.110mb.com). OVERVIEW AND DEFINITION: A vulnerability exists in Thyme Calendar 1.3 and possibly...
Thyme Calendar 1.3 - SQL Injection
Thyme Calendar 1.3 - SQL Injection. Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord (codehook.110mb.com). OVERVIEW AND DEFINITION: A vulnerability exists i...
Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit
Exploit for unknown platform in category remote exploits. Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attacke...
CVE-2006-6964
MailEnable Professional prior to v1.78 contains an information disclosure vulnerability: when an administrator edits a user’s settings, a cleartext user password is exposed in the HTML source. This allows remote authenticated administrators to obtain sensitive information. The affected product/co...
Free resources undetected streaming media download technical overview-vulnerability warning-the black bar safety net
Now I will focus on describing my experience of finding the URL: 1. Finding it in the HTML source code: open IE, use View / View Source to open the source file in Notepad, and then search for streaming media protocols such as rtsp, pnm, mms, mmst, etc., or search for the extensions swf, wmv, rm, asf, avi; maybe you can see...
UBBThreads-md5.txt
UBBThreads 5.x, 6.x md5 hash disclosure. Using XSS such as the one reported earlier: http://site/ubbpath/index.php?debug=xss will allow you to inject javascript and steal MD5 Hashes from: http://site/ubbpath/editbasic.php The MD5 is automatically included...
CVE-2005-4029
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods...
CVE-2005-4029
WebEOC (pre-6.0.2) is affected by CVE-2005-4029. The issue allows remote attackers to read valid usernames from the HTML source on the WebEOC login page, which could enable further attacks such as brute-forcing to lock out legitimate users. The connected Red Hat and CVE records confirm the same v...
Cisco VPN Concentrator HTML Source Cleartext Password Disclosure (Bug ID CSCdv88230, CSCdw22408)
Binary data 2225.prm...
Cisco VPN Concentrator HTML Source Cleartext Password Disclosure (Bug ID CSCdv88230, CSCdw22408)
Binary data 2227.prm...
Web Protector 2.0 - Trivial Encryption
Web Protector 2.0 - Trivial Encryption source: https://www.securityfocus.com/bid/7409/info Web protector has been reported prone to a trivial encryption weakness. It has been reported that the method used to obfuscate and protect the HTML source of web pages implementing Web Protector is flawed a...
CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval
CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval // source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard...
CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval
// source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard configured to generate Java applets to password protect pages. Specifically, t...
Cisco VPN 3000 Concentrator HTML Source Plaintext User Password Disclosure (CSCdv88230, CSCdw22408)
The remote VPN concentrator discloses the passwords of its users in the source HTML of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdv88230 and CSCdw22408. (C) Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH for his help. Ref:...
CVE-2002-1097
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages...
hypo_linksys_advisory.txt
:UPDATE hypoclear security advisory UPDATE: Update Note: Thanks to the guys on the vuln-watch list who helped with a better solution! Vendor : Linksys | http://www.linksys.com/ Product : EtherFast 4-Port Cable/DSL Router Category : Design Flaw Date : 08-02-01 Update : 08-02-01 CONTENTS 1. Overvie...