2933 matches found
CVE-2006-0370
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...
CVE-2005-4689
Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie...
NukeETSQL32.txt
Nuke ET 'search' module 'query' variable SQL injection Vendor url: www.truzone.org exploit available:yes vendor notify:yes advisore:http://lostmon.blogspot.com/2005/11/ nuke-et-search-module-query-variable.html Nuke ET have a flaw which can be exploited by malicious people to conduct SQL injectio...
X-News '/db/users.txt' Information Disclosure Vulnerability
X-News is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2004 Audun Larsen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
phpWebSite index.php Search Module SQL Injection
The remote host is running a version of phpWebSite that fails to sanitize user-supplied input to the 'module' parameter of the 'search' module before using it in database queries. An attacker may be able to exploit this issue to obtain sensitive information such as user names and password hashes ...
CVE-2005-3140
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map passwd.nis as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes...
CVE-2005-3140
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map passwd.nis as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes...
PT-2005-3964 · Procom · Procom Netforce 800
Name of the Vulnerable Software and Affected Versions: Procom NetFORCE 800 version 4.02 M10 Build 20 and possibly other versions Description: The issue allows remote attackers to obtain cleartext NIS password hashes because the NIS password map passwd.nis is sent as a file attachment in diagnosti...
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'registerglobals' setting is...
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
The remote version of Burning Board / Burning Board Lite is prone to SQL injection attacks due to its failure to sanitize user-supplied input to the 'x' and 'y' parameters of the 'modcp.php' script before using it in database queries. Provided an attacker has moderator privileges, these flaws may...
CVE-2005-2696
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book NAB, which allows remote attackers to obtain sensitive information via the 1 password digest field in the Administration tab of a Lotus Notes client, 2 "PasswordDigest" and "HTTPPassword" fields in the...
CVE-2005-2696
CVE-2005-2696 concerns IBM Lotus Notes/NAB where password hashes could be accessed remotely due to improper restriction of access to password hash data. The description specifies three leakage vectors: (1) password digest in the Administration tab of a Notes client, (2) PasswordDigest and HTTPPas...
CVE-2005-2696
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book NAB, which allows remote attackers to obtain sensitive information via the 1 password digest field in the Administration tab of a Lotus Notes client, 2 "PasswordDigest" and "HTTPPassword" fields in the...
IBM Lotus Notes multiple disclosures of password hashes
Summary ======== A vulnerability describing password hashes disclosure in Domino webmail was published in July 2005.A further test revealed disclosed password hashes in the Lotus Notes client and in Domino LDAP. Details ======= Lotus Notes client can be used to access the Notes Address Book NAB...
Lotus Domino weak files permissions
Database names.nsf with password hashes is world readable...
[NEWS] Default Configuration Information Disclosure in Lotus Domino (Including Password Hashes)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
[UNIX] Blog Torrent Remote User and Password Disclosure
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure
The remote host is running a version of Lotus Domino Server that is prone to several information disclosure vulnerabilities. Specifically, users' password hashes and other data are included in hidden fields in the public address book 'names.nsf' readable by default by all users. Moreover, Domino...
CVE-2005-2192
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack...
CVE-2005-2192
CVE-2005-2192 affects SimplePHPBlog 0.4.0 where password hashes are stored in config/password.txt with insufficient access control. This weak file permissions could allow remote attackers to read password hashes and perform brute force attacks to obtain passwords, impacting confidentiality. The a...