Lucene search
+L

9298 matches found

prion
prion
added 2009/08/28 3:30 p.m.18 views

Improper access control

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...

5CVSS7.4AI score0.02445EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2009/08/28 3:0 p.m.27 views

CVE-2008-7118

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...

6.7AI score0.02445EPSS
Exploits1References3
nvd
nvd
added 2009/08/27 5:30 p.m.21 views

CVE-2009-2977

The Cisco Security Monitoring, Analysis and Response System CS-MARS 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace. files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files...

3.3CVSS6.1AI score0.00534EPSS
Exploits0References6
securityvulns
securityvulns
added 2009/08/25 12:0 a.m.23 views

Cisco CS-MARS information leak

User's password may be stored in server logs...

1.5AI score
Exploits0References1
nvd
nvd
added 2009/06/09 8:30 p.m.22 views

CVE-2009-1296

The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...

1.9CVSS6.1AI score0.00293EPSS
Exploits0References4
prion
prion
added 2009/06/09 8:30 p.m.17 views

Design/Logic Flaw

The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...

1.9CVSS6.6AI score0.00293EPSS
Exploits0References4Affected Software2
ubuntucve
ubuntucve
added 2009/06/09 8:30 p.m.26 views

CVE-2009-1296

The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...

1.9CVSS5.9AI score0.00293EPSS
Exploits0References2
osv
osv
added 2009/06/09 8:30 p.m.6 views

DEBIAN-CVE-2009-1296

The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...

1.9CVSS6.6AI score0.00293EPSS
Exploits0References1
cvelist
cvelist
added 2009/06/09 8:0 p.m.32 views

CVE-2009-1296

The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...

6AI score0.00293EPSS
Exploits0References4
debiancve
debiancve
added 2009/06/09 8:0 p.m.53 views

CVE-2009-1296

The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...

1.9CVSS6AI score0.00293EPSS
Exploits0
cve
cve
added 2009/06/09 8:0 p.m.70 views

CVE-2009-1296

The CVE-2009-1296 case concerns the eCryptfs utilities (ecryptfs-utils) version 73-0ubuntu6.1 on Ubuntu 9.04, where the mount passphrase is stored in installation logs. The logs are root-readable, so a local attacker could read the log files on disk and obtain the passphrase, potentially gaining ...

1.9CVSS6.1AI score0.00293EPSS
Exploits0References4Affected Software2
openvas
openvas
added 2009/06/09 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-783-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

1.9CVSS6.8AI score0.00293EPSS
Exploits0References2
nessus
nessus
added 2009/06/09 12:0 a.m.31 views

Ubuntu 9.04 : ecryptfs-utils vulnerability (USN-783-1)

Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk,...

1.9CVSS5.4AI score0.00293EPSS
Exploits0References2
packetstorm
packetstorm
added 2009/06/03 12:0 a.m.25 views

Unclassified NewsBoard 1.6.4 SQL Injection / Disclosure

Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Logs File Disclosure registerglobals =...

0.3AI score
Exploits0
seebug
seebug
added 2009/06/01 12:0 a.m.41 views

Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities

No description provided by source. Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Log...

7.1AI score
Exploits0
zdt
zdt
added 2009/06/01 12:0 a.m.196 views

Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================ Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities ============================================================ Author girex Date 31/05/2009 CMS Unclassified NewsBoard...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2009/06/01 12:0 a.m.278 views

unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities

Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Logs File Disclosure registerglobals =...

7AI score
Exploits0
exploitpack
exploitpack
added 2009/06/01 12:0 a.m.51 views

unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities

unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection...

0.4AI score
Exploits0
prion
prion
added 2009/05/22 8:30 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to 1 admin/applications.php, 2 admin/appsgroup.php, 3 admin/users.php, 4 admin/usersgroup.php, and 5 admin/tasks.php; 6 show...

4.3CVSS6.1AI score0.01033EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2009/05/22 12:0 a.m.7 views

PT-2009-4245 · Ulteo · Ulteo Open Virtual Desktop

Name of the Vulnerable Software and Affected Versions: Ulteo Open Virtual Desktop version 1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved via several API endpoints, including...

4.3CVSS5.8AI score0.01033EPSS
Exploits0References5
Rows per page
Query Builder