169 matches found
Sql injection
SQL injection vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...
CVE-2013-3404
SQL injection vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...
CVE-2013-3770
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from th...
Name.com Data Breach Forces Password Breach
Domain registrar Name.com has informed its customers via email of a data breach and asked them to reset their passwords. The company, based in Denver, said it discovered a breach and customer account information such as encrypted credentials and credit card numbers may have been accessed along wi...
CVE-2008-2291
Symantec Altiris Deployment Solution 6.8.x and 6.9.x prior to 6.9.176 are affected by CVE-2008-2291 due to an insecure credential mechanism in axengine.exe. The service, listening on TCP port 402, generates domain credentials with a fixed salt or no salt at all, enabling remote attackers to guess...
Altiris Deployment Solution < 6.9.176 Multiple Vulnerabilities
The version of the Altiris Deployment Solution installed on the remote host reportedly is affected by several issues : - A SQL injection vulnerability that could allow a user to run arbitrary code CVE-2008-2286. - A remote attacker may be able to obtain encrypted Altiris Deployment Solution domai...
Citrix NetScaler Web Management Cookie Weakness
Citrix NetScaler Web Management Cookie Weakness Product: Citrix NetScaler http://www.citrix.com/lang/English/ps2/index.asp Background: For most web application logins a user fills out an HTTP form, which sets up the user with a session cookie. The cookie content is merely a session ID, which allo...
ultimatedisclose.txt
Update: 12:15 AM 5/14/2005 Subject: " Ultimate Forum Password Database Vulnerability " Vulnerable version: Ultimate Forum 1.0 Description: Ultimate forum is an Open forum i.e. no logon restrictions or private areas. Forum is a text file based. Each forum is multithreaded and stored in a separate...
CVE-2005-0383
Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password...