Gentoo Security Advisory GLSA 201101-07 (Prewikka)
The remote host is missing updates announced in advisory GLSA 201101-07. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
rhn-client-tools: authorized information disclosure
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security...
proc File Descriptors Directory Permissions bypass
Exploit for unknown platform in category local exploits. Title: proc File Descriptors Directory Permissions bypass CVE-ID: OSVDB-ID: Author: Pave...
HyperVM weak permissions
Passwords and private keys are stored in world-readable file...
CVE-2002-2301
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database...
CVE-2006-3495
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users...
x-news 1
The remote web server contains a PHP application that is prone to information disclosure. Description : X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating...
fetchmail security announcement 2005-02 (CVE-2005-3088)
fetchmail-SA-2005-02: security announcement Topic: password exposure in fetchmailconf Author: Matthias Andree Version: 1.02 Announced: 2005-10-21 Type: insecure creation of file Impact: passwords are written to a world-readable file Danger: medium Credits: Thomas Wolff, Miloslav Trmac for pointin...
CVE-2001-1481
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges...
PeerFTP FTP Server weak encryption
User passwords are stored in the world-readable file...
WinFTP weak encryption
Cleartext passwords are stored in the world-readable file...
Debian DSA-073-1 : imp - 3 remote exploits
The Horde team released version 2.2.6 of IMP (a web-based IMAP mail program) which fixes three security problems. Their release announcement describes them as follows: - A PHPLIB vulnerability allowed an attacker to provide a value for the array element $_PHPLIB[libdir], and thus to get scripts from...
GLSA-200409-10 : multi-gnome-terminal: Information leak
The remote host is affected by the vulnerability described in GLSA-200409-10 (multi-gnome-terminal: Information leak). multi-gnome-terminal contains debugging code that has been known to output active keystrokes to a potentially unsafe location. Output has been seen to show up in the...
CVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SY...
QNX Photon Weak Permissions
Clipboard content is stored in world-readable file...
Weak permissions in Unixware
The world-readable file /var/adm/isl/ifile contains the administrator password...
CVE-1999-1072
Excite for Web Servers (EWS) 1.1 is affected by a local-privilege escalation where an attacker who can read Architext.conf (world-readable) can obtain the encrypted password and replay it in an HTTP request to AT-generated.cgi or AT-admin.cgi to gain privileges. Root cause: the password is stored...
CVE-2001-0195
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...
iplanet calendar server 5.0p2 exposes Netscape Admin Server master password
At the time of writing, 5.0p2 is the currently available revision on iPlanet's download site. The problem: the standard install of iPlanet Calendar Server stores the NAS LDAP admin username and password in plaintext in the world-readable file: -rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18...