665 matches found
skyline.py.txt
!python C 2007 kcope production from ftplib import FTP import sys import socket print "Sendmail/Postfix FORWARD Remote Exploit" print "kcope/2007 - hey alex,andi" if lensys.argv != 4: print "usage: skyline.py " sys.exit hostname = sys.argv1 username = sys.argv2 password = sys.argv3 print "+ INITI...
CVE-2007-5778
Mobile Spy 1 stores login credentials in cleartext under the RetinaxStudios registry key, and 2 sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network...
Information disclosure
Mobile Spy 1 stores login credentials in cleartext under the RetinaxStudios registry key, and 2 sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network...
CVE-2007-5778
CVE-2007-5778 affects Mobile Spy (Retinax Studios). The vulnerability arises from storing login credentials in cleartext under the RetinaxStudios registry key and transmitting login data over cleartext HTTP, enabling credential exposure through registry access or network sniffing. The connected P...
CVE-2007-5778
Mobile Spy 1 stores login credentials in cleartext under the RetinaxStudios registry key, and 2 sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network...
SSH Authorization Check
This script tries to login with provided credentials. If the login was successful, it marks this port as available for any authenticated tests. SPDX-FileCopyrightText: 2007,2008,2009,2010,2011,2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...
contentcustom-disclose.txt
CONTENTCustomizer Trick: Hit Ctrl+Y on a page that ContentCustomizer controls and it brings you to the login screen ; Dork: inurl:"generator/default.php?doc=" Other fun stuff: dialog.php?action=del&doc='+pagename // Delete dialog.php?action=delbackup&doc='+pagename // Delete Backup...
Code injection
include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code...
CVE-2007-5431
include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code...
Cross site scripting
Cross-site scripting XSS vulnerability in session.cgi aka the login page in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credential...
CVE-2007-5063
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...
Improper access control
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...
CVE-2007-5063
Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...
CVE-2007-5063
CVE-2007-5063 affects Flip 3.0 and earlier, where sensitive information is stored under the web root with insufficient access control. An unauthenticated remote attacker can directly request var/users.txt and download a file containing login credentials. The provided documents do not specify affe...
Design/Logic Flaw
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' double-quote space sequence followed by the -autologin and -loginuri arguments, whic...
blogsite-sql.txt
--==+================================================================================+==-- --==+ BlogSite Professional SQL Injection Vulnerbility +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: N/A DORK:...
SOL4369 - Configuration utility login vulnerability - CR45786
BIG-IP 9.0.2 through 9.0.4 cache login credentials for the Configuration utility. Once a user is logged in, the cache does not check the password entered for additional sessions under that user name. As a result, it is possible to gain access to the BIG-IP Configuration utility without a password...
CVE-2007-2619
CVE-2007-2619 affects Symantec pcAnywhere 11.5.x and 12.0.x, where unencrypted login credentials can reside in process memory. The description indicates local administrators can read memory to retrieve credentials, making this a local access issue. No explicit exploit details or mitigation are pr...
GLSA-200704-18 : Courier-IMAP: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200704-18 Courier-IMAP: Remote execution of arbitrary code CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact : A remote attacker could...
Courier-IMAP: Remote execution of arbitrary code
Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...