111 matches found
iplanet calendar server 5.0p2 exposes Netscape Admin Server master password
at the time of writing, 5.0p2 is the currently available revision on iplanet's download site. the problem: the standard install of iPlanet Calendar server stores the NAS LDAP admin username and password in plaintext in the world readable file: -rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18...
CVE-2001-0195
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...
CVE-2000-0164
The installation of Sun Internet Mail Server SIMS creates a world-readable file that allows local users to obtain passwords...
CVE-2000-0552
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information...
Дыркав WebDATA
Пользователь может импортировать в базу любой открытый на чтение локальный файл и получить к нему доступ...
CVE-2000-0552
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information...
Intel Corporation Shiva Access Manager 5.0 - Solaris World Readable LDAP Password
source: https://www.securityfocus.com/bid/1329/info The Shiva Access Manager is a solution for centralized remote access authentication, authorization, and accounting offered by Intel. It runs on Solaris and Windows NT. Shiva Access Manager is vulnerable to a default configuration problem in its...
CVE-2000-0164
The installation of Sun Internet Mail Server SIMS creates a world-readable file that allows local users to obtain passwords...
CVE-1999-0982
The Sun Web-Based Enterprise Management WBEM installation script stores a password in plaintext in a world readable file...
PT-1999-1502 · Sun · Sun Wbem
Name of the Vulnerable Software and Affected Versions: Sun Web-Based Enterprise Management WBEM affected versions not specified Description: The issue concerns the storage of a password in plaintext within a world-readable file by the Sun Web-Based Enterprise Management WBEM installation script...
CVE-1999-1072
Excite for Web Servers EWS 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi...