Lucene search
K

203 matches found

Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.33 views

GLSA-200502-12 : Webmin: Information leak in Gentoo binary package

The remote host is affected by the vulnerability described in GLSA-200502-12 Webmin: Information leak in Gentoo binary package Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the Webmin ebuild contains a design flaw. It imports the encrypted local root password into the...

5CVSS5.6AI score0.02204EPSS
Exploits0References2
0day.today
0day.today
added 2005/01/30 12:0 a.m.20 views

Linux ncpfs Local Exploit

Exploit for linux platform in category local exploits ========================= Linux ncpfs Local Exploit ========================= !/bin/sh Had to remove local -r to get it to work via sh on my box Root's encrypted password was in toupper form but the super stated it worked fine for him Gentoo...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2004/09/01 12:0 a.m.47 views

[UNIX] WebAPP Directory Traversal and Encrypted DES Disclosure

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2004/08/25 12:0 a.m.34 views

WebAPP directory traversal and ability to retrieve the DES encrypted password hash

WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. Its home site is at http://www.web-app.org/ Some features are : -Easy to Install on standard Unix servers! Windows user-supported only! -User Profiles -Message forums -Private messaging between members...

8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.36 views

Mandrake Linux Security Advisory : samba (MDKSA-2002:081)

A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to crafted in such a wa...

10CVSS5.6AI score0.51914EPSS
Exploits2References2
securityvulns
securityvulns
added 2003/10/06 12:0 a.m.34 views

Spaiz-Nuke/PHP-nuke multiple bugs

SQL injection during authentication, SQL injection in web-link module, SQL injection in download module, access with encrypted password...

3.5AI score
Exploits0References2Affected Software2
NVD
NVD
added 2003/08/07 4:0 a.m.12 views

CVE-2003-0493

Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID...

10CVSS6.9AI score0.01779EPSS
Exploits1References2
Cvelist
Cvelist
added 2003/06/28 4:0 a.m.18 views

CVE-2003-0493

Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID...

6.9AI score0.01779EPSS
Exploits1References2
NVD
NVD
added 2002/12/11 5:0 a.m.22 views

CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...

10CVSS8AI score0.51914EPSS
Exploits2References16
OSV
OSV
added 2002/12/11 5:0 a.m.2 views

DEBIAN-CVE-2002-1318

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string...

10CVSS8.3AI score0.51914EPSS
Exploits2References1
NVD
NVD
added 2002/08/12 4:0 a.m.18 views

CVE-2002-0790

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges...

2.1CVSS6.8AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2002/03/15 5:0 a.m.114 views

CVE-2001-1151

Affected product : Trend Micro OfficeScan Corporate Edition (Virus Buster Corporate Edition). Vulnerability : Remote disclosure of sensitive configuration data via unauthenticated access to /officescan/hotdownload, specifically reading the configuration file ofcscan.ini which contains a weakly en...

5CVSS6.3AI score0.02414EPSS
Exploits0References3Affected Software2
securityvulns
securityvulns
added 2002/01/24 12:0 a.m.74 views

Vulnerabilty in PaintBBS v1.2

PaintBBS Server v1.2 Advisory Author: John Bissell A.K.A. HighT1mes Vulnerable: PaintBBS Server Ver.1.2 Build 010514 Impact: PaintBBS Server 0wn3d Release Date: January, 22, 2002 Contact: [email protected] Vendor Homepage: http://www.ax.sakura.ne.jp/aotama/...

7.1AI score
Exploits0
CVE
CVE
added 2001/09/12 4:0 a.m.43 views

CVE-1999-1073

Technical details about CVE-1999-1073 are not publicly provided in the supplied documents. Monitor for updates from NVD/CVE listings.

7.2CVSS7.3AI score0.00371EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.18 views

CVE-1999-1072

Excite for Web Servers EWS 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi...

7AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2001/09/12 4:0 a.m.66 views

CVE-1999-1072

Excite for Web Servers (EWS) 1.1 is affected by a local-privilege escalation where an attacker who can read Architext.conf (world-readable) can obtain the encrypted password and replay it in an HTTP request to AT-generated.cgi or AT-admin.cgi to gain privileges. Root cause: the password is stored...

7.2CVSS7.1AI score0.00419EPSS
Exploits0References1Affected Software1
CERT
CERT
added 2001/07/24 12:0 a.m.32 views

SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters

Overview A vulnerability exists in SSH Secure Shell that allows an intruder to log to an account which contains a stored encrypted password of two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system. Description Certain Unix...

7.2CVSS6.8AI score0.01335EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2001/03/08 12:0 a.m.34 views

MySQL < 3.23.36 Multiple Vulnerabilities

The installed version of MySQL is older than version 3.23.36. Such versions are potentially affected by multiple vulnerabilities : - It is possible to modify arbitrary files and gain privileges by creating a database with '..' characters. CVE-2001-0407 - Users with a MySQL account can use the 'SH...

7.2CVSS5.6AI score0.06992EPSS
Exploits1References7
securityvulns
securityvulns
added 2000/05/17 12:0 a.m.38 views

Дырка в Banner Rotation 01

Файл adpassword.txt открытый на чтение содаржит шифрованный DES пароль администрирования. Кроме того по-умолчанию используется пароль admin...

1AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.50 views

excite-web.txt

Date: Mon, 30 Nov 1998 17:20:04 -0600 From: Michael Gerdts Subject: Security bugs in Excite for Web Servers 1.1 On November 11 I reported the folloing problmes to [email protected]. I have only recieved an automated reply. I have found numerous security concerns with EWS 1.1 which can lead to an...

7.4AI score
Exploits0
Rows per page
Query Builder