898 matches found
CVE-2006-6614
The saveloglocal function in Fully Automatic Installation FAI 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to...
CVE-2006-6614
The CVE-2006-6614 issue affects Fully Automatic Installation (FAI) 2.10.1 (and possibly 3.1.2). When verbose mode is enabled, the save_log_local function writes the root password hash to /var/log/fai/current/fai.log, and the log file’s permissions permit copying to other hosts when fai-savelog is...
CVE-2006-6614
The saveloglocal function in Fully Automatic Installation FAI 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure
No description provided by source. Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that...
Linux imapd Remote Overflow File Retrieve Exploit
No description provided by source. / This is the remote exploit of the hole in the imap daemon, for Linux. The instruction code is doing open, write, and close system calls, and it adds a line root::0:0.. at the beggining of /etc/passwd change to /etc/shadow if needed. The code needs to be self...
Opsware NAS 6.0 reveals MySQL 'root' password
The Opsware Network Automation System NAS version 6.0 installation places an 'init' style startup script in /etc/init.d/mysqll and places the 'root' password that you choose for the MySQL MAX database during installation. The permissions on this small shell script are world readable, allowing any...
CVE-2006-3597
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory...
CVE-2006-3597
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory...
CVE-2006-3597
CVE-2006-3597 is substantiated by Ubuntu USN-316-1: on Ubuntu 6.06 LTS, the installer for alternate/server CDs could leave the root password blank instead of locking it when the user selects Go Back after Installation complete and continues from the main menu. The root password was zeroed in the ...
CVE-2006-3597
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory...
USN-316-1: installer vulnerability
Iwan Pieterse discovered that, if you select "Go Back" at the final message displayed by the alternate or server CD installer "Installation complete" and then continue with the installation from the installer's main menu, the root password is left blank rather than locked. This was due to an erro...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure
Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messagi...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure
Exploit for multiple platform in category local exploits ===================================================================== Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure ===================================================================== Date: 14 Jun 2006 Vendor: Sun...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure
Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a centralized location for...
CVE-2006-2452
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges...
CVE-2006-2452
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges...
Default credentials
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database...
CVE-2006-0146
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including 1 Mantis, 2 PostNuke, 3 Moodle, 4 Cacti, 5 Xaraya, 6 PHPOpenChat, 7 MAXdev MD-Pro, and 8 MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via...
CVE-2002-1809
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database...
Exploit Labs Security Advisory 2005.2
------------------------------------------------------------ - EXPL-A-2005-002 exploitlabs.com Advisory 031 - ------------------------------------------------------------ - Samsung ADSL Modem - AFFECTED PRODUCTS ================= Samsung ADSL Modem Samgsung Eletronics http://www.samsung.com DETAI...