Lucene search
+L

2941 matches found

seebug.org
seebug.org
added 2007/02/14 12:0 a.m.141 views

Lotus Domino <= R6 Webmail Remote Password Hash Dumper Exploit

No description provided by source. !/bin/bash $Id: raptordominohash,v 1.3 2007/02/13 17:27:28 raptor Exp $ raptordominohash - Lotus Domino R5/R6 HTTPPassword dump Copyright c 2007 Marco Ivaldi [email protected] Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, ...

5CVSS6.4AI score0.73635EPSS
Exploits11
Prion
Prion
added 2007/01/30 6:28 p.m.12 views

Improper access control

Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt...

5CVSS7AI score0.01482EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2007/01/30 6:28 p.m.16 views

Improper access control

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...

5CVSS7AI score0.01213EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/01/30 6:28 p.m.10 views

CVE-2007-0593

Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt...

5CVSS6.5AI score0.01482EPSS
Exploits0References7
NVD
NVD
added 2007/01/30 6:28 p.m.12 views

CVE-2007-0594

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...

5CVSS6.5AI score0.01213EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/01/30 6:0 p.m.19 views

CVE-2007-0593

Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt...

6.5AI score0.01482EPSS
Exploits0References7
Cvelist
Cvelist
added 2007/01/30 6:0 p.m.20 views

CVE-2007-0594

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...

6.5AI score0.01213EPSS
Exploits0References3
CVE
CVE
added 2007/01/30 6:0 p.m.46 views

CVE-2007-0593

CVE-2007-0593 affects Siteman 1.1.11, where sensitive data is stored under the web root with insufficient access control. An unauthenticated remote attacker can access data/members.txt to download a database containing password hashes. The description, supported by NVD entries, does not provide t...

5CVSS6.5AI score0.01482EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2007/01/18 12:28 a.m.13 views

CVE-2007-0312

wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt...

7.8CVSS6.4AI score0.0142EPSS
Exploits0References3
Prion
Prion
added 2007/01/18 12:28 a.m.15 views

Improper access control

wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt...

7.8CVSS6.9AI score0.0142EPSS
Exploits0References3
CVE
CVE
added 2007/01/18 12:0 a.m.45 views

CVE-2007-0312

The CVE-2007-0312 entry concerns wcSimple Poll where sensitive information is stored under the web root with insufficient access control, allowing remote attackers to obtain password hashes via a direct request for password.txt. Root cause: inadequate access restrictions on web-root files. Impact...

7.8CVSS6.4AI score0.0142EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/01/18 12:0 a.m.37 views

WoltLab Burning Board search.php Multiple Parameter SQL Injection

The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in database queries. Regardless of PHP's 'registerglobals' and 'magicquotesgpc' settings, an unauthenticated, remote attacker ca...

7.5CVSS5.6AI score0.01037EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/01/12 12:0 a.m.300 views

WordPress Trackback 'wp-trackback.php' 'tb_id' Parameter SQL Injection

The version of WordPress on the remote host fails to properly sanitize input to the 'tbid' parameter of the 'wp-trackback.php' script before using it in database queries. An unauthenticated, remote attacker can leverage this issue to launch SQL injection attacks against the affected application,...

7.5CVSS5.9AI score0.11044EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2007/01/07 12:0 a.m.81 views

WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

!/usr/bin/python | || | | | | | | | || || \ | |/ || '|/ |/ -| ' \ / -/ |||| /| || / ||||,||| ,|||||||,| || |||||| Proof of concept code from the Hardened-PHP Project NOT FOR DISTRIBUTION PLEASE DO NOT SPREAD THIS CODE -= Wordpress 2.0.5 =- Trackback UTF-7 SQL injection exploit beware of...

7AI score
Exploits0
CVE
CVE
added 2007/01/04 10:0 p.m.38 views

CVE-2006-6866

This CVE concerns STphp EasyNews PRO 4.0, where sensitive data is stored under the web root with insufficient access control. The vulnerability allows remote attackers to retrieve usernames, email addresses, and password hashes via a direct request for data/users.txt. The root cause is inadequate...

7.8CVSS6.8AI score0.02959EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2006/12/31 5:0 a.m.14 views

CVE-2006-6866

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt...

7.8CVSS6.5AI score0.02959EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2006/09/19 12:0 a.m.22 views

MyReview Admin.php email Parameter SQL Injection

The remote host is running MyReview, an open source paper submission and review web application. The version of MyReview installed on the remote host fails to properly sanitize input to the 'email' parameter before using it in the 'GetMember' function in a database query. Regardless of PHP's...

7.5CVSS5.6AI score0.01086EPSS
Exploits1References1
CERT
CERT
added 2006/09/11 12:0 a.m.38 views

Multiple RSA implementations fail to properly handle signatures

Overview Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Description RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data t...

4.3CVSS7.6AI score0.04894EPSS
Exploits1References7
NVD
NVD
added 2006/09/07 12:4 a.m.8 views

CVE-2006-4595

muforum µforum 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes...

5CVSS6.4AI score0.01445EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/09/07 12:0 a.m.18 views

CVE-2006-4595

muforum µforum 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes...

6.4AI score0.01445EPSS
Exploits1References5
Rows per page
Query Builder