netsupport.txt
To the moderator, this is my first bugtraq posting, feel free to make any changes you feel necessary to make this more helpful. Thank you very much. Vendor : NetSupport URL : http://www.netsupport-inc.com/ Version : Invision NetSupport School Pro Risk : Password protection weakness Description:...
MSWordPW.txt
Hi ... There are several vulnerabilities published/discussed regarding MS Word MS Office in general, however, 'tis is the most "no brainer" I've discovered ... Vulnerability: Password protected document that has "tracked changes, comments or forms" password protected Vulnerable: MS Word Win2K/XP...
[Full-Disclosure] NetSupport School Pro: Password encryption weaknesses
Vendor : NetSupport URL : http://www.netsupport-inc.com/ Version : Invision NetSupport School Pro Risk : Password protection weakness Description: NetSupport School, market leading training tool for the modern classroom featuring full student remote control, application & internet monitoring,...
Cisco personal assistant protection bypass
It's possible to bypass password protection...
CVE-2003-1376
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder...
Mac OS X LDAP plugins transmit user credentials in clear text
Overview: Versions 10.2 and later of Apple's MacOS X operating system include support for the Lightweight Directory Access Protocol (LDAP). A vulnerability in the way some of these versions of MacOS X handle authentication in certain environments could expose users' passwords in plaintext as they're...
Desktop Orbiter Server Detection
The remote host is running a Desktop Orbiter Satellite. This service could be used by an attacker to partially take control of the remote system, as it is not password protected. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
WinMX 2.6 - Design Error
WinMX Design Error Vendor: Frontcode Technologies Product: WinMX Version: = 2.6 Website: http://www.winmx.com/ BID: 7771 Description: WinMX 2.6 is an older version of the popular file sharing client WinMX. While the current version is 3.31, 2.6 still remains quite popular...
WinMX < 2.6 - Design Error
WinMX Design Error Vendor: Frontcode Technologies Product: WinMX Version: = 2.6 Website: http://www.winmx.com/ BID: 7771 Description: WinMX 2.6 is an older version of the popular file sharing client WinMX. While the current version is 3.31, 2.6 still remains quite popular. Especially amongst user...
CVE-2002-1449
eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt...
CVE-2002-1546
BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence...
CVE-2002-1546
The CVE-2002-1546 issue affects BRS WebWeaver Web Server 1.01 and allows remote attackers to bypass password protections for files and directories by sending an HTTP request that includes a "/./" sequence. This is a path traversal-like bypass vulnerability. According to the source data, the vulne...
uploader.php vulnerability
Uploader Version 1.1 which is available from http://www.phpscriptcenter.com/uploader.php includes "uploader.php", which lets you upload ANY file even scripts e.g. in PHP onto the server if no password protection is specified in the configuration file default set to off. The supplied files will be...
CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval
// source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard...
Unpassworded 'demos' Account
The account 'demos' has no password set. An attacker may use this account to gain further privileges on the system. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. account = "demos"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11242); script_version("1.35");...
Unpassworded 'sync' Account
The account 'sync' has no password set. An attacker may use this to gain further privileges on this system. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. account = "sync"; include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(11247); script_version("1.34");...
acFTP unauthorized access
Bug in password protection...
[SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
BadBlue Web Server v1.7 Protected File Access Vulnerability. Type: File Disclosure. Release Date: October 24, 2002. Product / Vendor: BadBlue is a very small footprint, Win32 web server that supports a surprisingly large array of...
Savant Web Server 3.1 - File Disclosure
source: https://www.securityfocus.com/bid/5709/info Savant Webserver is vulnerable to an input validation bug, that could allow malicious users access to password protected folders. It should be noted that versions below 3.1 may also be vulnerable to this...
Trillian Instant Messaging 0.x - Credential Encryption
// source: https://www.securityfocus.com/bid/5677/info The Trillian instant messaging client uses weak encryption to store saved authentication credentials for instant messaging services. The credentials are encrypted by using XOR with a static key that is used with every installation of the...