569 matches found
PicketBox: Insecure storage of masked passwords
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
Cisco WebEx One-Click Password Disclosure
The remote host has a version of Cisco WebEx One-Click installed that stores credentials in the registry using a key that can be easily derived. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69275); script_version("1.4");...
DLink DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A - Multiple Vulnerabilities
Exploit for hardware platform in category web applications. Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A. Vendor: D-Link. Device Description: DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...
D-Link DIR-600 / DIR-300 Command Execution / Bypass / Disclosure
Device Name: DIR-600 / DIR 300 - HW rev B1. Vendor: D-Link. Vulnerable Firmware Releases - DIR-300: Firmware Version: 2.12 - 18.01.2012; Firmware Version: 2.13 - 07.11.2012. Vulnerable Firmware Releases - DIR-600: Firmware-Version: 2.12b02 -...
RealNetworks Helix Server 14.x < 14.3.x Multiple Vulnerabilities
Binary data 6502.prm...
Apache Mod_Auth_OpenID - Session Stealing
Apache ModAuthOpenID - Session Stealing https://github.com/paranoid/modauthopenid/blob/master/CVE-2012-2760.markdown Security Advisory 1201 Summary : Session stealing Date : May 2012 Affected versions : all versions prior to modauthopenid-0.7 ID : modauthopenid-1201 CVE reference : CVE-2012-2760...
Mod_Auth_OpenID Session Stealing Vulnerability
Exploit for linux platform in category local exploits Security Advisory 1201 Summary : Session stealing Date : May 2012 Affected versions : all versions prior to modauthopenid-0.7 ID : modauthopenid-1201 CVE reference : CVE-2012-2760 Details Session ids are stored insecurely in...
Mod_Auth_OpenID Session Stealing
https://github.com/paranoid/modauthopenid/blob/master/CVE-2012-2760.markdown Security Advisory 1201 Summary : Session stealing Date : May 2012 Affected versions : all versions prior to modauthopenid-0.7 ID : modauthopenid-1201 CVE reference : CVE-2012-2760 Details Session ids are stored insecurel...
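Oracle Solaris 10 Rollback Patch File Password Hash Disclosure Vulnerability
CVE ID: CVE-2011-0412 Solaris is a computer operating system developed by Sun Microsystems. The Oracle Solaris 10 rollback patch file undo.Z contains password hashes that are readable by unauthorized users; local users can use this vulnerability to disclose sensitive information. The vulnerability arises because certain packages store the "undo.Z" rollback file insecurely under /var/sadm/pkg/pkgname/save/patchid/, which can allow extraction of files containing the password hashes of root and other users. Sun Solaris 10.0 Vendor patch: Sun --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...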
Request Tracker (RT) 3.6.x - 3.6.7, 3.8.x - 3.8.8 Information Disclosure Vulnerability
Request Tracker RT is prone to an information disclosure vulnerability because it fails to securely store passwords. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Cyberoam SSL VPN Client - Plain-text Storage of Username and Password
Cyberoam SSL VPN Client - Plain-text Storage of Username and Password Vulnerability Summary: Product: Cyberoam SSL VPN Client v1.0 Vendor: eLiteCore Website: http://www.cyberoam.com/ Platform: Windows Vulnerability Classification: Insecure Storage of User Credentials Issue Fixed in Version:...
CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03
http://www.corelan.be:8800 | [email protected] ...
CVE-2008-6871
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request...
Klinzmann A-A-S XSRF / Code Execution
Syhunt: A-A-S Application Access Server Multiple Security Vulnerabilities Advisory-ID: 200905111 Discovery Date: 3.23.2009 Release Date: 5.11.2009 Affected Applications: A-A-S 2.0.48 and possibly older versions Class: XSRF Cross Site Request Forgery Arbitrary Command Execution, Undocumented Defau...
Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities
Syhunt: A-A-S Application Access Server Multiple Security Vulnerabilities Advisory-ID: 200905111 Discovery Date: 3.23.2009 Release Date: 5.11.2009 Affected Applications: A-A-S 2.0.48 and possibly older versions Class: XSRF Cross Site Request Forgery Arbitrary Command Execution, Undocumented Defau...
CVE-2008-6599
cookiecheck.php in CookieCheck 1.0 stores tmp/ccsessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...
Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration
As of today, 25 September 2008, I am using the latest 1.0.3.7 firmware for my region, Singapore (the US also uses this version). 1/ Outdated Samba 3.0.2, vulnerable to numerous security holes. 2/ Default admin:admin user 3/ Default open guest user, no way to disable it 4/ It is impossible to disable SAMBA...
Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities
No description provided by source. .: Philips VOIP841 Multiple Vulnerabilities :. Luca "ikki" Carettoni - [email protected] Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a a Hidden Administration...
Philips VOIP841 Multiple Vulnerabilities
Secure Network - Security Research Advisory Vuln name: Philips VOIP841 Multiple Vulnerabilities Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL:...
Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities
Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities .: Philips VOIP841 Multiple Vulnerabilities :. Luca "ikki" Carettoni - [email protected] Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a...