Lucene search
+L

3078 matches found

Positive Technologies
Positive Technologies
added 2009/03/31 12:0 a.m.5 views

PT-2009-1033 · Nss Ldap · Nss Ldap

Name of the Vulnerable Software and Affected Versions: nss-ldapd versions prior to 0.6.8 Description: The issue is related to errors in privilege management, allowing a local user to obtain the cleartext password for the LDAP server. This can be achieved by reading the bindpw field from the...

5.5CVSS5.2AI score0.00925EPSS
Exploits2References22
ATTACKERKB
ATTACKERKB
added 2009/01/22 4:30 p.m.1 views

CVE-2009-0250

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password...

5CVSS5.4AI score0.06282EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2009/01/15 12:0 a.m.41 views

WowWee Rovio Insufficient Access Controls

SUMMARY WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible OVERVIEW Rovio from WowWee does not adequately secure all accessible URLs or media streams, enabling an unauthorized user with network access to the robotic webcam platform the ability to listen to and view...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2008/11/27 12:0 a.m.30 views

Ocean12 Calendar Manager Gold Database Disclosure Vulnerability

No description provided by source. --------------------------------------------------------- Portal Name: Ocean12 Calendar Manager Gold Version: 2.04 Vendor : http://ocean12tech.com/products/o12calgold Dork: Maintained with the Ocean12 Calendar Manager Gold v2.04 Author : PouyaServer ,...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/09/22 1:27 p.m.4 views

JBossEAP allows download of non-EJB class files

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...

4.3CVSS7.4AI score0.01621EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.12 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS7AI score0.00345EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2008/03/31 12:0 a.m.4 views

PT-2008-3126 · Mysql Server · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions prior to 2.11.5.1 Description: The issue allows local users to obtain sensitive information, including the MySQL username, password, and the Blowfish secret key, which are stored in cleartext in a Session file under /tmp...

5.5CVSS5.1AI score0.00296EPSS
Exploits0References21
securityvulns
securityvulns
added 2008/01/21 12:0 a.m.818 views

boastMachine <=3.1 SQL Injection Vulnerbility

...:::::boastMachine =3.1 SQL Injection Vulnerbility ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in the...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/12/16 12:0 a.m.91 views

HP Info Center ActiveX code execution

Few unsafe methods are explosed...

9.3CVSS1.5AI score0.3012EPSS
Exploits4References2Affected Software1
seebug.org
seebug.org
added 2007/11/21 12:0 a.m.26 views

SkyPortal vRC6 Multiple Remote Vulnerabilities

No description provided by source. WwW.BugReport.ir BugReport Security Research & Penetration Testing Group Title: Sky Portal Multiple SQL Injection Vulnerabilities Vendor: http://skyportal.net Exploitation: Remote with browser Fix Available: Patched In Last Version In Vendor Leaders : Shahin...

7.1AI score
Exploits0
OSV
OSV
added 2007/09/08 1:17 a.m.5 views

DEBIAN-CVE-2007-4755

Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service client disconnect by sending a clientconnect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries...

5CVSS6.9AI score0.02195EPSS
Exploits1References1
seebug.org
seebug.org
added 2007/07/31 12:0 a.m.14 views

VMware Inc 6.0.0 CreateProcess Remote Code Execution Exploit

No description provided by source. :. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: VmWare Inc version 6.0.0 CreateProcess & CreateProcessEx Remode Code Execution Exploit ====================================================================================== Interna...

7.1AI score
Exploits0
myhack58
myhack58
added 2006/10/11 12:0 a.m.46 views

JSP vulnerabilities large-vulnerability warning-the black bar safety net

Overview: The server vulnerability is a security Origin, a hacker on the site of the attack is also mostly from the Find each other's vulnerabilities. So only understand its own vulnerability, the site managers to take appropriate measures to prevent foreign attacks. The following describes some ...

6.8AI score
Exploits0
Metasploit
Metasploit
added 2006/09/17 8:0 a.m.25 views

McAfee Subscription Manager Stack Buffer Overflow

This module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack buffer overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of...

6.8CVSS7.3AI score0.33824EPSS
Exploits7
securityvulns
securityvulns
added 2006/04/05 12:0 a.m.39 views

[Full-disclosure] WebEOC Vuln - more info

Hi Guys, Doing a pen test I have come up with a WebEOC server. There are a few vulns listed at: http://secunia.com/advisories/16075/ specifically I am interested in : "6 Sensitive information is exposed in URIs, stored in publicly accessible configuration files, and in the HTML code returned to...

0.5AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.38 views

Microsoft SQL (MSSQL) Server Detection (TCP/IP Listener)

Microsoft SQL MSSQL Server detection based on an exposed TCP/IP listener. SPDX-FileCopyrightText: 2005 Nicolas Gregoire Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.9AI score
Exploits0
Symantec
Symantec
added 2004/12/14 12:0 a.m.18 views

Microsoft Windows LSASS Connection Validation Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege escalation vulnerability through LSASS Local Security Authority Subsystem Service. The vulnerability appears to be due to an error in the implementation of an enhanced access control feature. Attackers can exploit this vulnerability to...

7.1AI score
Exploits0References2Affected Software3
RedHat Linux
RedHat Linux
added 2004/10/22 3:6 p.m.5 views

security flaw

CUPS 1.1.20 and earlier records authentication information for a device URI in the errorlog file, which allows local users to obtain user names and passwords...

2.1CVSS5.8AI score0.00445EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/08/09 12:0 a.m.70 views

thttpd 2.0.7 Directory Traversal (Windows)

The remote web server fails to limit requests to items within the document directory. An attacker may exploit this flaw to read arbitrary files on the remote system with the privileges of the http process. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid14229;...

5CVSS5.6AI score0.03623EPSS
Exploits1References2
securityvulns
securityvulns
added 2003/03/22 12:0 a.m.18667 views

Sad-Raven GuestBook

Product : Sad-Raven GuestBook Version : 1.1 WebSite : http://www.sad-raven.ru Problem : Admin access rus Description: ------------ Если посмотреть файл admin.php, можно увидеть следующие строки: admin.php ========= ... if fileexists"passwd.dat" && $QUERYSTRING != "": require "passwd.dat";...

7.1AI score
Exploits0
Rows per page
Query Builder