9298 matches found
Improper access control
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...
CVE-2008-7118
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...
CVE-2009-2977
The Cisco Security Monitoring, Analysis and Response System CS-MARS 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace. files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files...
Cisco CS-MARS information leak
User's password may be stored in server logs...
CVE-2009-1296
The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...
Design/Logic Flaw
The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...
CVE-2009-1296
The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...
DEBIAN-CVE-2009-1296
The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...
CVE-2009-1296
The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...
CVE-2009-1296
The eCryptfs support utilities ecryptfs-utils 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root...
CVE-2009-1296
The CVE-2009-1296 case concerns the eCryptfs utilities (ecryptfs-utils) version 73-0ubuntu6.1 on Ubuntu 9.04, where the mount passphrase is stored in installation logs. The logs are root-readable, so a local attacker could read the log files on disk and obtain the passphrase, potentially gaining ...
Ubuntu: Security Advisory (USN-783-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 9.04 : ecryptfs-utils vulnerability (USN-783-1)
Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk,...
Unclassified NewsBoard 1.6.4 SQL Injection / Disclosure
Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Logs File Disclosure registerglobals =...
Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities
No description provided by source. Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Log...
Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ============================================================ Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities ============================================================ Author girex Date 31/05/2009 CMS Unclassified NewsBoard...
unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities
Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Logs File Disclosure registerglobals =...
unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities
unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to 1 admin/applications.php, 2 admin/appsgroup.php, 3 admin/users.php, 4 admin/usersgroup.php, and 5 admin/tasks.php; 6 show...
PT-2009-4245 · Ulteo · Ulteo Open Virtual Desktop
Name of the Vulnerable Software and Affected Versions: Ulteo Open Virtual Desktop version 1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved via several API endpoints, including...