4189 matches found
McKesson Pathways Homecare 6.5 - Weak Username and Password Encryption
source: https://www.securityfocus.com/bid/3653/info McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The...
CVE-2001-1414
The Basic Security Module BSM for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root...
CVE-1999-1372
CVE-1999-1372 concerns the deprecated Triactive Remote Manager with Basic authentication enabled, where credentials are stored in cleartext in registry keys. This storage flaw allows local users to gain privileges due to exposure of usernames and passwords and the local-privilege escalation risk ...
Linux news 4.12.00
Kernel 2.4.0-test12-pre4: Linus has released another pre-release kernel for the upcoming 2.4.0 test version. In it he added patches from Alan Cox, included a patch from Stephen Tweedie that fixes inode bugs, and applied several more patches from various developers ... More: http://www.kernel.org OpenBSD 2.8 is...
Linux news 1.11.00
Linux 2.2.18pre18: Alan Cox has released another pre-release of the next stable Linux kernel: Linux 2.2.18pre18. More: http://linuxtoday.com/newsstory..php3?ltsn=2000-10-29-007-04-NW-KN Linux-2.4.0-test10-final: Possibly the last kernel in the 2.4.0-test series. For the 2.4.0-stable release, expected...
CVE-2000-0788
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic VBA scripts in an Access database, which could allow an attacker to execute arbitrary commands...
Vulnerability in Internet Explorer (Cached Web Credentials)
After logging in to a protected part of a site, IE remembers the user's name and password and may send them when the unprotected part is accessed, which allows them to be intercepted in transit if Basic authentication is used...
CVE-2000-0597
Microsoft Office 2000 Excel and PowerPoint and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications VBA SaveAs function, aka the "Office HTML Script...
Advisory CA-2000-16
CERT Advisory CA-2000-16 Microsoft 'IE Script'/Access/OBJECT Tag Vulnerability Original release date: August 11, 2000 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Internet Explorer 4.x, 5.x...
CVE-2000-0649
CVE-2000-0649 describes an HTTP internal IP disclosure in IIS 4.0: an attacker can obtain the server’s private IP by requesting a page protected with Basic Authentication (no realm) via HTTP/1.0. Connected documents (Metasploit IIS_INTERNAL_IP module, Nessus/Nessus-like plugin, OpenVAS NASL) corr...
CVE-2000-0649
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined...
Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure
source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if II...
CVE-2000-0115
CVE-2000-0115 concerns Microsoft IIS. The vulnerability arises from a denial-of-service condition caused by invalid regular expressions in a Visual Basic script embedded in an ASP page. The root cause is malformed regex handling in VBScript within the ASP context, which can exhaust resources and ...
CVE-2000-0115
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page...
CVE-1999-0354
This CVE (CVE-1999-0354) affects Internet Explorer 4.x/5.x when paired with Word 97, where a Word 97 template containing executable Visual Basic code can run arbitrary programs on the IE client without warning. The issue also applies to Outlook when viewing a malicious email. The underlying risk ...
CVE-1999-0354
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message...
PT-2000-1103
Name of the Vulnerable Software and Affected Versions IIS affected versions not specified Description The issue allows local users to cause a denial of service by using invalid regular expressions in a Visual Basic script within an ASP page. Recommendations At the moment, there is no information...
CVE-1999-0853
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure...