5397 matches found
CVE-2008-0581
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch...
CVE-2008-0581
CVE-2008-0581 involves Geert Moernaut LSrunasE and describes a local privilege escalation where a user can obtain the encrypted password from a batch file and then create a modified batch file that uses the /password switch to supply that password and the /command switch to run an arbitrary progr...
[SECURITY] Fedora 7 Update: python-paramiko-1.7.1-3.fc7
Paramiko (a combination of the Esperanto words for "paranoid" and "friend") is a module for Python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificat...
[SECURITY] Fedora 8 Update: python-paramiko-1.7.1-3.fc8
Paramiko (a combination of the Esperanto words for "paranoid" and "friend") is a module for Python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificat...
CVE-2007-6330
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a...
Citrix NetScaler Web Management Cookie Weakness
Citrix NetScaler Web Management Cookie Weakness Product: Citrix NetScaler http://www.citrix.com/lang/English/ps2/index.asp Background: For most web application logins a user fills out an HTTP form, which sets up the user with a session cookie. The cookie content is merely a session ID, which allo...
Security collection: three exploit tools to lend you a hand-vulnerability warning-the black bar safety net
What we are talking about here are security platforms for creating security tools and exploit programs. Security experts can perform penetration tests, system administrators can verify whether patches have been installed, and manufacturers can perform regression testing. First, the Metasploit Framework...
Ubuntu 5.04 / 5.10 / 6.06 LTS : gnupg vulnerability (USN-332-1)
Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user's privileges if an attacker can trick a user into processing ...
CVE-2003-1423
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords...
Datagram Transport Layer Security Detection
The remote service is encrypted using Datagram Transport Layer Security (DTLS), which provides communications privacy for datagram protocols. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(27057); script_version("1.16"); script_set_attribute(attribute:"plugin_modification_date"...
CVE-2004-2703
The CVE-2004-2703 entry concerns Clearswift MIMEsweeper 5.0.5, upgraded from MAILsweeper SMTP versions, where remote data that is encrypted within a mail message can bypass scanning and be marked as Clean rather than Encrypted. This describes the affected product/function (MIMEsweeper 5.0.5 after...
[SECURITY] Fedora 7 Update: ntfs-3g-1.913-2.fc7
The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS driver. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right. Technically it’s based on and a major improvement to th...
Information disclosure
RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files...
CVE-2007-4751
RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files...
Samurai download and Samurai articles of the exploit-vulnerability warning-the black bar safety net
One injection vulnerability You can fast forward to see First just point a software download The official update to 2. 4, but the official himself then, but there are also vulnerabilities Oh The download address of the Copy to the next kid inside, I changed%6 9 See? there is no change before is n...
Fedora Core 6 : ipsec-tools-0.6.5-8.fc6 (2007-665)
Mon Apr 23 2007 Steve Grubb - 0.6.5-8 - Upstream fix for Racoon DOS, informational delete must be encrypted - Resolves: rhbz235388 - CVE-2007-1841 ipsec-tools racoon DoS - Fri Apr 20 2007 Steve Grubb - 0.6.5-7 - Resolves: 218386 labeled ipsec does not work over loopback - Mon Apr 16 2007 Steve...
CVE-2007-4093
Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db...
minb-db.txt
Minb Is Not A Blog default password directory http://sourceforge.net/projects/minb Via looking in a default directory, any user can access the users.db file which contains the username and encrypted password of the person running the board. Try it for yourself: www.example.com/minb/db/users.db T...
Using database download vulnerabilities to launch network attacks-vulnerability warning-the black bar safety net
As the number one killer among script vulnerabilities, the database download vulnerability is now familiar to more and more people. In this era of rapidly updating information technology, once a vulnerability appears, the tricks for responding to it follow, such as changing the database...