Lucene search
K

7170 matches found

securityvulns
securityvulns
added 2001/11/12 12:0 a.m.30 views

Слабое шифрование в Datek Streamer (weak encryption)

Часть важных данных о пользователе уходит по незащищенному каналу...

0.9AI score
Exploits0References1
securityvulns
securityvulns
added 2001/11/12 12:0 a.m.55 views

Stock portfolio sent via clear text in Datek Streamer® application

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 S4R - A Managed Services Company Security - Systems - Storage - Solutions http://www.s4r.com [email protected] Title: Stock portfolio sent via clear text in Datek Streamer® application Date: November 9, 2001 1. Description Although the user's primary Datek...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2001/11/09 12:0 a.m.32 views

IBM AS/400 HTTP Server '/' attack

IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as an .html or .jsp page -- by attaching an '/' to the end of a URL. Compare these two URL's: http://www.foo.com/getsource.jsp http://www.foo.com/getsource.jsp/ The later URL wil...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2001/10/24 12:0 a.m.42 views

Сбор информации о пользователях Check Point VPN-1 (information leakage)

Различные диагностические сообщение на неверное имя пользователя и пароль...

0.8AI score
Exploits0References1Affected Software1
CVE
CVE
added 2001/09/12 4:0 a.m.62 views

CVE-2000-1199

CVE-2000-1199 affects PostgreSQL: usernames and passwords are stored in plaintext in (1) pg_shadow and (2) pg_pwd, enabling attackers with sufficient privileges to access databases. This root cause is plaintext credential storage; impact is described as partial confidentiality, partial integrity,...

4.6CVSS6.8AI score0.00912EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2001/09/12 4:0 a.m.58 views

CVE-1999-1322

The CVE concerns the installation of 1ArcServe Backup and Inoculan AV client modules for Exchange, which can create a log file exchverify.log that stores usernames and passwords in plaintext. Affected components: the Exchange-related client modules for 1ArcServe Backup and Inoculan AV. Underlying...

4.6CVSS7.4AI score0.01503EPSS
Exploits0References2Affected Software3
securityvulns
securityvulns
added 2001/09/06 12:0 a.m.54 views

Очередные проблемы в CGI

Недостаточная проверка shell символов в данных пользователя при вызове внешней команды...

0.4AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2001/09/04 12:0 a.m.34 views

Possible Issue with Netinfo and Mac OS X

Hi, I have been using Mac OS X for quite a while now, and I have just found something that concerns me a little. As you probably know Mac OS X is based on BSD and by default does not have any services running though it is not hard to turn these on thefore is reasonably secure out of the box. Now ...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/08/27 12:0 a.m.36 views

security hole in os groupware suite PHProjekt

Overview PHProjekt is an open source groupware suite written in PHP4 with mysql/postgres/oracle/informix/ms-sql support: www.PHProjekt.com The security hole concernes the several modules. Details By modifying the ID number in links an user can view, moduify or delete data of other users randomly...

1AI score
Exploits0
securityvulns
securityvulns
added 2001/08/21 12:0 a.m.30 views

tdforum 1.2 Messageboard

Examination of the program "TDForum 1.2", a guest book style, unthreaded messageboard, for sale at http://www.tdscripts.com http://www.tdavidscripts.com/ aliases the same, revealed a serious client-side security risk to the users of the forum. Because user supplied data is not being sanitized,...

6.4AI score
Exploits0
CERT
CERT
added 2001/08/02 12:0 a.m.64 views

Microsoft Outlook View Control allows execution of arbitrary code and manipulation of user data

Overview A vulnerability exists in an ActiveX control supplied with Microsoft Outlook 2002 that could allow malicious code on a web page or in an HTML email message to manipulate Outlook data or execute arbitrary code as the user running Outlook. Description Microsoft Outlook 2002 installs an...

10CVSS7AI score0.52851EPSS
Exploits0References12
securityvulns
securityvulns
added 2001/05/29 12:0 a.m.49 views

TWIG SQL query bugs

I can't find the person who really in charge on developing twig, so I mail about this bug to the person who announce new version of twig about two month ago. -------------------------------------------------------------------------- Subject: Unquoted SQL query = potential damage Software package:...

7.8AI score
Exploits0
Exploit DB
Exploit DB
added 2001/05/08 12:0 a.m.40 views

DCForum 6.0 - Remote Admin Privilege Arbitrary Commands

source: https://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of arbitrary...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/04/25 12:0 a.m.19 views

RaidenFTPd 2.1 - Directory Traversal

RaidenFTPd 2.1 - Directory Traversal source: https://www.securityfocus.com/bid/2655/info Raiden FTPD is susceptible to directory traversal attacks using multiple dots in submitted commands specifying file paths. If the request is properly composed, RaidenFTPD will serve files outside of the...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2001/04/25 12:0 a.m.37 views

RaidenFTPd 2.1 - Directory Traversal

source: https://www.securityfocus.com/bid/2655/info Raiden FTPD is susceptible to directory traversal attacks using multiple dots in submitted commands specifying file paths. If the request is properly composed, RaidenFTPD will serve files outside of the intended webroot, potentially compromising...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/04/16 12:0 a.m.16 views

FreeBSD 4.2-stable - FTPd glob() Remote Buffer Overflow

FreeBSD 4.2-stable - FTPd glob Remote Buffer Overflow source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2001/04/16 12:0 a.m.30 views

OpenBSD 2.x < 2.8 FTPd - 'glob()' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing operations, the ftp daemon...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/03/28 12:0 a.m.36 views

Apache Tomcat 3.0 - Directory Traversal

source: https://www.securityfocus.com/bid/2518/info Apache Tomcat in a Windows NT environment could be led to traverse the normal directory structure and return requested files from outside of the document root. By including '/../' sequences along with specially chosen characters in requested URL...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/03/27 12:0 a.m.34 views

anaconda clipper 3.3 - Directory Traversal

source: https://www.securityfocus.com/bid/2512/info Clipper is a headline-gathering tool from Anaconda! Partners which, in certain versions, is vulnerable to directory traversal attacks. By including '/../' sequences in requested URLs, an attacker can cause the retrieval of arbitrary files,...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/03/20 12:0 a.m.20 views

Aspseek Buffer Overflow

|---------------------------------------------------------------------------------------| / Product: Aspseek Search Engine. Vendor URL: www.aspseek.org / Tested on: v1.0.0 - v1.0.3 Freeware Linux Vendor Contact: Mailed on 8th March NO Reply Vendor Patched though / |-- The Problem,...

7.6AI score
Exploits0
Rows per page
Query Builder