Lucene search
+L

665 matches found

Packet Storm
Packet Storm
added 2007/12/14 12:0 a.m.29 views

skyline.py.txt

!python C 2007 kcope production from ftplib import FTP import sys import socket print "Sendmail/Postfix FORWARD Remote Exploit" print "kcope/2007 - hey alex,andi" if lensys.argv != 4: print "usage: skyline.py " sys.exit hostname = sys.argv1 username = sys.argv2 password = sys.argv3 print "+ INITI...

7.4AI score
Exploits0
NVD
NVD
added 2007/11/01 4:46 p.m.12 views

CVE-2007-5778

Mobile Spy 1 stores login credentials in cleartext under the RetinaxStudios registry key, and 2 sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network...

7.5CVSS7.3AI score0.0119EPSS
Exploits0References7
Prion
Prion
added 2007/11/01 4:46 p.m.12 views

Information disclosure

Mobile Spy 1 stores login credentials in cleartext under the RetinaxStudios registry key, and 2 sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network...

6.4CVSS6.5AI score0.0119EPSS
Exploits0References7
CVE
CVE
added 2007/11/01 4:4 p.m.40 views

CVE-2007-5778

CVE-2007-5778 affects Mobile Spy (Retinax Studios). The vulnerability arises from storing login credentials in cleartext under the RetinaxStudios registry key and transmitting login data over cleartext HTTP, enabling credential exposure through registry access or network sniffing. The connected P...

7.5CVSS7.3AI score0.0119EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2007/11/01 4:4 p.m.19 views

CVE-2007-5778

Mobile Spy 1 stores login credentials in cleartext under the RetinaxStudios registry key, and 2 sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network...

7.3AI score0.0119EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2007/11/01 12:0 a.m.237 views

SSH Authorization Check

This script tries to login with provided credentials. If the login was successful, it marks this port as available for any authenticated tests. SPDX-FileCopyrightText: 2007,2008,2009,2010,2011,2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2007/10/26 12:0 a.m.19 views

contentcustom-disclose.txt

CONTENTCustomizer Trick: Hit Ctrl+Y on a page that ContentCustomizer controls and it brings you to the login screen ; Dork: inurl:"generator/default.php?doc=" Other fun stuff: dialog.php?action=del&doc='+pagename // Delete dialog.php?action=delbackup&doc='+pagename // Delete Backup...

7.4AI score
Exploits0
Prion
Prion
added 2007/10/12 11:17 p.m.15 views

Code injection

include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code...

7.8CVSS7.2AI score0.0155EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2007/10/12 11:0 p.m.23 views

CVE-2007-5431

include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code...

6.5AI score0.0155EPSS
Exploits1References4
Prion
Prion
added 2007/09/26 11:17 p.m.25 views

Cross site scripting

Cross-site scripting XSS vulnerability in session.cgi aka the login page in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credential...

4.3CVSS5.8AI score0.0232EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2007/09/24 10:17 p.m.17 views

CVE-2007-5063

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...

5CVSS6.4AI score0.06243EPSS
Exploits0References3
Prion
Prion
added 2007/09/24 10:17 p.m.16 views

Improper access control

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...

5CVSS6.9AI score0.06243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/09/24 10:0 p.m.29 views

CVE-2007-5063

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...

6.4AI score0.06243EPSS
Exploits0References3
CVE
CVE
added 2007/09/24 10:0 p.m.99 views

CVE-2007-5063

CVE-2007-5063 affects Flip 3.0 and earlier, where sensitive information is stored under the web root with insufficient access control. An unauthenticated remote attacker can directly request var/users.txt and download a file containing login credentials. The provided documents do not specify affe...

5CVSS6.4AI score0.06243EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2007/09/18 10:17 p.m.9 views

Design/Logic Flaw

Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' double-quote space sequence followed by the -autologin and -loginuri arguments, whic...

5CVSS7.2AI score0.01284EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2007/07/21 12:0 a.m.37 views

blogsite-sql.txt

--==+================================================================================+==-- --==+ BlogSite Professional SQL Injection Vulnerbility +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: N/A DORK:...

7.4AI score
Exploits0
F5 Networks
F5 Networks
added 2007/05/16 12:0 a.m.33 views

SOL4369 - Configuration utility login vulnerability - CR45786

BIG-IP 9.0.2 through 9.0.4 cache login credentials for the Configuration utility. Once a user is logged in, the cache does not check the password entered for additional sessions under that user name. As a result, it is possible to gain access to the BIG-IP Configuration utility without a password...

1.8AI score
Exploits0
CVE
CVE
added 2007/05/11 4:0 p.m.56 views

CVE-2007-2619

CVE-2007-2619 affects Symantec pcAnywhere 11.5.x and 12.0.x, where unencrypted login credentials can reside in process memory. The description indicates local administrators can read memory to retrieve credentials, making this a local access issue. No explicit exploit details or mitigation are pr...

4.6CVSS6.3AI score0.00323EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/04/30 12:0 a.m.10 views

GLSA-200704-18 : Courier-IMAP: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200704-18 Courier-IMAP: Remote execution of arbitrary code CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact : A remote attacker could...

6.5AI score
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2007/04/22 12:0 a.m.29 views

Courier-IMAP: Remote execution of arbitrary code

Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...

5.3AI score
Exploits0
Rows per page
Query Builder