5685 matches found
Arkeia Backup vulnerabilities (weak encryption)
The entire traffic exchange protocol between the client and the server is unencrypted. Standard DES passwords are used...
Arkeia Possible remote root & information leakage
Arkeia 4.2 - other versions not tested Possible remote root & information leakage Summary Arkeia www.arkeia.com is from their webpage: "Arkeia simplifies data protection by providing automated backup and recovery. The system supports a wide variety of computers, operating systems and storage device...
LinkMax.txt
---------------------------------------------------------- Release date: May 21th 2001 Subject: WebAvail LinkMax2 ASP security problem Systems affected: All systems running LinkMax2 ASP script Vendor: http://www.webavail.com ---------------------------------------------------------- 1. problem...
CVE-2001-0273
CVE-2001-0273 affects pgp4pine 1.75-6. The module fails to verify whether public keys loaded from GnuPG are expired, which can lead to encrypt attempts returning errors while the cleartext message is transmitted. According to CERT/CC and NVD entries, the vulnerability can cause sensitive informat...
SmartWin CyberOffice Shopping Cart 2.0 - Client Information Disclosure
source: https://www.securityfocus.com/bid/1734/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. It is possible for a remote user to gain read access to the private directory on a website running...
CVE-2000-0350
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events...
Omnis Studio 2.4 - Weak Database Field Encryption
source: https://www.securityfocus.com/bid/1255/info Omnis Studio 2.4 is a development tool for creating database applications. The tool gives developers the option to encrypt database entries. However, the encryption scheme used is weak and easily broken with any scientific calculator or even pen...
X Server Detection
The remote host is running an X11 server. X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client. Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection. (C) Tenable Network Security...
CVE-2000-0271
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords...
CVE-2000-0271
In CVE-2000-0271, Emacs 20’s read-passwd and related Lisp functions do not properly clear the history of recently typed keys. This can allow an attacker to read unencrypted passwords stored in the command history. The issue is rooted in the Lisp password/history handling within Emacs 20. The prov...
vqserver /........../
Version tested: vqserver 1.9.9 for windows The webserver vqserver follows /........../ in requests. http://host/........../autoexec.bat gives the autoexec.bat file. More serious, http://host/........../some/path/vq/server/cfg/server.cfg where /some/path/ could be anything, but normally...
PcAnywhere weak password encryption
PcAnywhere weak password encryption ---- Discussion ---- PcAnywhere 9.0.0 set to its default security value uses a trivial encryption method so user names and password are not sent directly in clear. Since most users have the encryption methods set to either "none" or "PcAnyWhere", their password...
CVE-1999-0727
CVE-1999-0727 affects the OpenBSD kernel, where a kernel leak could allow IPsec packets to be sent unencrypted. Documents confirm the root cause is a kernel leak in the OpenBSD kernel, with impact described as partial confidentiality (IPsec traffic could be exposed). The available sources do not ...
CVE-1999-0361
CVE-1999-0361 affects NetWare deployments running LaserFiche (Novell NetWare version of LaserFiche). The vulnerable component is the storage of usernames and passwords in unencrypted form, and the vulnerability allows administrative changes to occur without logging. Public documentation consisten...
CVS pserver Detection
Concurrent Versions System (CVS), an open source versioning system, is running on the remote port. The CVS server can be accessed either using third-party tools (e.g., RSH or SSH) or via the 'pserver' protocol, which is unencrypted. (C) Tenable Network Security, Inc...
NIS Server Detection
The remote host is an NIS (Network Information Service) server. NIS is used to share usernames, passwords, and other sensitive information among the hosts claiming to be within a given NIS domain and passes this information over the network unencrypted. (C) Tenable Network Security, Inc...
Telnet Service Detection
The Telnet service is running. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the telnet client and the telnet server. This includes logins and passwords. (C) Tenable Network Security, Inc...
compulink-laserfiche-passwd.txt
Date: Thu, 28 Jan 1999 10:21:55 -0800 From: Darren Rogers To: [email protected] Subject: Compulink LaserFiche Client/Server - unencrypted passwords Background: LaserFiche is a popular client-server imaging system, which according to their website, 'is the trusted imaging system used by Fortune...