4774 matches found
yMonda Thread-IT 1.6 - Multiple HTML Injections
source: https://www.securityfocus.com/bid/8692/info It has been reported that yMonda Thread-IT is prone to an HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the...
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting
source: https://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script...
DWebPro 3.4.1 - Http.ini Plaintext Password Storage
source: https://www.securityfocus.com/bid/8438/info A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named 'http.ini'. An attacker will require read access to...
Moderate: Red Hat Security Advisory: : Updated KDE packages fix security issue
This erratum provides updated KDE packages that resolve a security issue in Konqueror. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...
[SECURITY] [DSA-361-2] New kdelibs-crypto packages fix multiple vulnerabilities
Debian Security Advisory DSA 361-2 http://www.debian.org/security/ Matt Zimmerman August 9th, 2003 http://www.debian.org/security/faq -...
CVE-2003-0459
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites...
Moderate: Red Hat Security Advisory: kdelibs security update
This erratum provides updated KDE packages that resolve a security issue in Konqueror. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...
KDE Security Advisory: Konqueror Referrer Authentication Leak
KDE Security Advisory: Konqueror Referer Leaking Website Authentication Credentials Original Release Date: 2003-07-29 URL: http://www.kde.org/info/security/advisory-20030729-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-04...
.netCART Settings.XML - Information Disclosure
source: https://www.securityfocus.com/bid/8210/info .netCART is a web based e-commerce and shopping cart site designed for ASP.NET. It has been alleged that .netCART fails to adequately protect the contents of a directory in a default install. It is therefore reportedly possible for remote users ...
BRS Webweaver 1.0 - Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/8037/info BRS WebWeaver is prone to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, BRS WebWeaver includes user requests when generating error pages. Exploitation could permit a...
CVE-2003-0270
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet o...
Sphera HostingDirector 1.02.03.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/7899/info Sphera HostingDirector VDS Control Panel has been reported prone to several cross-site scripting attacks. The vulnerabilities exist due to...
Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
Exploit for Linux platform in category remote exploits. Apache ; $host =...
M-TECH P-Synch 6.2.5 - nph-psa.exe?css Cross-Site Scripting
source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running...
M-TECH P-Synch 6.2.5 - 'nph-psa.exe?css' Cross-Site Scripting
source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a remote attacker to steal cookie-bas...
Vignette 4/5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/7687/info Vignette software has been reported prone to multiple cross-site scripting vulnerabilities. Reportedly the issue presents itself, because the Vignette software does not sufficiently sanitize HTML characters from user-supplied data. It may be...
CVE-2003-0270
Apple AirPort Base Station (802.11) is affected by CVE-2003-0270. The administrative protocol on TCP 5009 uses XOR with a fixed key to protect credentials, allowing an attacker that can sniff traffic over Ethernet or non-WEP wireless to obtain administrative access. The flaw impacts confidentiali...
Apple AirPort Administrative Password Obfuscation (a051203-1)
@stake, Inc. www.atstake.com Security Advisory Advisory Name: Apple AirPort Administrative Password Obfuscation Release Date: 05/12/2003 Application: AirPort Base Station ALL Platform: AirPort Base Station Severity: Sensitive information disclosure...
CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval
source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard...