279 matches found
PT-2017-18385 · Microsoft · Sql Server Analysis Services +1
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server Analysis Services versions 2012 through 2016 Description: An information disclosure issue exists due to improper permission enforcement. If an attacker's credentials allow access to an affected SQL server database, they...
Foscam camera firewall misconfiguration vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. There is a misconfiguration vulnerability in the Foscam camera firewall that allows an attacker to perform a brute force attack on credentials despite the presence of a...
IBM Security Privileged Identity Manager Information Disclosure Vulnerability (CNVD-2017-09514)
IBM Security Privileged Identity Manager ISPIM is an identity management product within IBM Identity Governance and Management, an identity governance solution from IBM Corporation, USA, that protects, automates and audits the use of privileged identities,... It is designed to protect, automate a...
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-6893
Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
CVE-2016-6893
Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
The vulnerability of the Radia Client Automation program allows a hacker to gain access to users’ account credentials.
The vulnerability of the Radia Client Automation program relates to deficiencies in restricting access to certain functions. Exploiting this vulnerability allows a malicious actor to list user accounts through the getUsers request, assign a role to a user account through the addAssigneesToRole...
CVE-2015-7996
The Nitro API in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM SVM devices allow attackers to obtain credentials via the browser cach...
DEBIAN-CVE-2015-6524
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...
IDS RTU 850 Directory Traversal Vulnerability
OVERVIEW Independent researchers Benjamin Kahler and Sebastian Kraemer of HSASec have identified a directory traversal vulnerability in IDS RTU 850C. IDS has produced a new module that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following ID...
PT-2014-6182 · Bmc · Bmc Track-It!
Name of the Vulnerable Software and Affected Versions: BMC Track-It! version 11.3.0.355 Description: The issue allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information without requiring authentication on TCP port 9010...
Western Digital My Net Devices Information Disclosure Vulnerability
Western Digital My Net Router is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
CVE-2011-3011
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors...
Lotus Domino HPRAgentName Stack Overflow
Added: 07/08/2011 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem The WebAdmin.nsf resource on the Domino web service contains a buffer overflow vulnerability. Resolution No patch is available at this time. References Limitations This exploit...
CVE-2007-5751
Liferea before 1.4.6 uses weak permissions 0644 for the feedlist.opml backup file, which allows local users to obtain credentials...
SquirrelMail 1.2.x - From Email Header HTML Injection
SquirrelMail 1.2.x - From Email Header HTML Injection source: https://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email...
Multiple security vulnerabilities in Apache 2
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description Thre...
Trillian Instant Messaging 0.x - Credential Encryption
Trillian Instant Messaging 0.x - Credential Encryption // source: https://www.securityfocus.com/bid/5677/info The Trillian instant messaging client uses weak encryption to store saved authentication credentials for instant messaging services. The credentials are encrypted by using XOR with a stat...
PassWD2000 v2.x Weak Encryption Vulnerability
== PassWD2000 v2.x Weak Encryption Vulnerability =============== "Success does not consist in never making mistakes but in never making the same one a second time" --- George Bernard Shaw Vulnerable: PassWD2000 2.0 PassWD2000 2.1 PassWD2000 2.2 PassWD2000 2.3 PassWD2000 2.4 PassWD2000 2.5...