Lucene search
+L

2933 matches found

cvelist
cvelist
added 2006/01/22 8:0 p.m.26 views

CVE-2006-0370

Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...

6.7AI score0.01762EPSS
Exploits1References7
nvd
nvd
added 2005/12/31 5:0 a.m.10 views

CVE-2005-4689

Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie...

5CVSS6.8AI score0.01184EPSS
Exploits0References2
packetstorm
packetstorm
added 2005/11/30 12:0 a.m.24 views

NukeETSQL32.txt

Nuke ET 'search' module 'query' variable SQL injection Vendor url: www.truzone.org exploit available:yes vendor notify:yes advisore:http://lostmon.blogspot.com/2005/11/ nuke-et-search-module-query-variable.html Nuke ET have a flaw which can be exploited by malicious people to conduct SQL injectio...

7.4AI score
Exploits0
openvas
openvas
added 2005/11/03 12:0 a.m.23 views

X-News '/db/users.txt' Information Disclosure Vulnerability

X-News is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2004 Audun Larsen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.3AI score0.08051EPSS
Exploits1References2
nessus
nessus
added 2005/10/14 12:0 a.m.18 views

phpWebSite index.php Search Module SQL Injection

The remote host is running a version of phpWebSite that fails to sanitize user-supplied input to the 'module' parameter of the 'search' module before using it in database queries. An attacker may be able to exploit this issue to obtain sensitive information such as user names and password hashes ...

7.5CVSS5.6AI score0.01086EPSS
Exploits1References3
nvd
nvd
added 2005/10/05 9:2 p.m.10 views

CVE-2005-3140

Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map passwd.nis as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes...

7.5CVSS7.6AI score0.01856EPSS
Exploits0References3
cvelist
cvelist
added 2005/10/05 4:0 a.m.16 views

CVE-2005-3140

Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map passwd.nis as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes...

7.6AI score0.01856EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2005/10/05 12:0 a.m.4 views

PT-2005-3964 · Procom · Procom Netforce 800

Name of the Vulnerable Software and Affected Versions: Procom NetFORCE 800 version 4.02 M10 Build 20 and possibly other versions Description: The issue allows remote attackers to obtain cleartext NIS password hashes because the NIS password map passwd.nis is sent as a file attachment in diagnosti...

7.5CVSS6.6AI score0.01856EPSS
Exploits0References5
nessus
nessus
added 2005/09/21 12:0 a.m.38 views

PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'registerglobals' setting is...

5.7AI score
Exploits0References1
nessus
nessus
added 2005/08/30 12:0 a.m.31 views

Woltlab Burning Board modcp.php Multiple Parameter SQL Injection

The remote version of Burning Board / Burning Board Lite is prone to SQL injection attacks due to its failure to sanitize user-supplied input to the 'x' and 'y' parameters of the 'modcp.php' script before using it in database queries. Provided an attacker has moderator privileges, these flaws may...

7.5CVSS5.7AI score0.0105EPSS
Exploits1References2
nvd
nvd
added 2005/08/26 3:50 p.m.22 views

CVE-2005-2696

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book NAB, which allows remote attackers to obtain sensitive information via the 1 password digest field in the Administration tab of a Lotus Notes client, 2 "PasswordDigest" and "HTTPPassword" fields in the...

5CVSS5.9AI score0.02235EPSS
Exploits7References2
cve
cve
added 2005/08/25 4:0 a.m.103 views

CVE-2005-2696

CVE-2005-2696 concerns IBM Lotus Notes/NAB where password hashes could be accessed remotely due to improper restriction of access to password hash data. The description specifies three leakage vectors: (1) password digest in the Administration tab of a Notes client, (2) PasswordDigest and HTTPPas...

5CVSS5.9AI score0.02235EPSS
Exploits7References2Affected Software1
cvelist
cvelist
added 2005/08/25 4:0 a.m.28 views

CVE-2005-2696

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book NAB, which allows remote attackers to obtain sensitive information via the 1 password digest field in the Administration tab of a Lotus Notes client, 2 "PasswordDigest" and "HTTPPassword" fields in the...

5.9AI score0.02235EPSS
Exploits7References2
securityvulns
securityvulns
added 2005/08/22 12:0 a.m.38 views

IBM Lotus Notes multiple disclosures of password hashes

Summary ======== A vulnerability describing password hashes disclosure in Domino webmail was published in July 2005.A further test revealed disclosed password hashes in the Lotus Notes client and in Domino LDAP. Details ======= Lotus Notes client can be used to access the Notes Address Book NAB...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/08/22 12:0 a.m.77 views

Lotus Domino weak files permissions

Database names.nsf with password hashes is world readable...

7.1CVSS0.5AI score0.73635EPSS
Exploits11References2Affected Software1
securityvulns
securityvulns
added 2005/08/14 12:0 a.m.45 views

[NEWS] Default Configuration Information Disclosure in Lotus Domino &#40;Including Password Hashes&#41;

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2005/08/14 12:0 a.m.26 views

[UNIX] Blog Torrent Remote User and Password Disclosure

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.2AI score
Exploits0
nessus
nessus
added 2005/07/27 12:0 a.m.139 views

IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure

The remote host is running a version of Lotus Domino Server that is prone to several information disclosure vulnerabilities. Specifically, users' password hashes and other data are included in hidden fields in the public address book 'names.nsf' readable by default by all users. Moreover, Domino...

5CVSS5.4AI score0.73635EPSS
Exploits10References2
cvelist
cvelist
added 2005/07/10 4:0 a.m.22 views

CVE-2005-2192

SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack...

6.7AI score0.0406EPSS
Exploits0References2
cve
cve
added 2005/07/10 4:0 a.m.45 views

CVE-2005-2192

CVE-2005-2192 affects SimplePHPBlog 0.4.0 where password hashes are stored in config/password.txt with insufficient access control. This weak file permissions could allow remote attackers to read password hashes and perform brute force attacks to obtain passwords, impacting confidentiality. The a...

5CVSS7.1AI score0.0406EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder