281 matches found
IBM Sametime Classic Meeting Server 8.x - 8.5.2.1 Multiple Vulnerabilities - Active Check
IBM Sametime Classic Meeting Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
IBM Sametime Meet Server 8.5 Password Disclosure
Exploit Title: IBM Sametime Meet Server 8.5 Password Disclosure Google Dork: intitle:"Meeting Center - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:L/AC:L/Au:N/C:P/I:N/A:N CVE-ID:...
CVE-2014-4747
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser...
CVE-2014-4747
IBM Sametime Classic Meeting Server 8.x up to 8.5.2.1 is affected by CVE-2014-4747, where a physically proximate attacker can read the HTML source in a victim’s browser to discover a meeting password hash. The vulnerability is described as a local issue arising from access to an unattended workst...
CVE-2014-4747
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser...
CVE-2014-2366
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...
Code injection
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...
CVE-2014-2366
CVE-2014-2366 affects Advantech WebAccess prior to 7.2, where upAdminPg.asp can disclose credentials to remote authenticated users by exposing them in the HTML source. Evidence from NVD/NIST and multiple advisories confirms the vulnerable component and the credential disclosure flaw, with a high ...
CVE-2014-2366 Advantech WebAccess Cleartext Storage of Sensitive Information in Memory
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...
Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability
A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...
Information disclosure
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...
CVE-2014-3298
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...
QuickCommerce 2.5/3.0, Cart32 2.5 a/3.0, Shop Express 1.0, StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability
No description provided by source. E-Commerce Exchange QuickCommerce 2.5/3.0, McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0, Shop Express 1.0, StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source: http://www.securityfocus.com/bid/1237/info Various shopping cart applications u...
Joomla Component com_joltcard SQL Injection Vulnerability
No description provided by source. Exploit Title: Joomla Component com_joltcard SQL Injection Vulnerability Date: 17.04.2010 Author: Valentin Category: webapps/0day Version: unknown Tested on: CVE : Code : ...
CoffeeCup Software Password Wizard 4.0 HTML Source Password Retrieval Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard configured to generate Java applets to password...
FreePBX 2.5.x - Information Disclosure
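FreePBX 2.5.x 'admin/config.php' Password Information Disclosure Vulnerability 1. Vulnerability information: FreePBX is a graphical interface for controlling Asterisk. Users who can access the administration section can obtain other administrators' password information by viewing the HTML source. 2. How the vulnerability is used: visit the administration user URL http://localhost/admin/config.php?display=ampusers&userdisplay=admin and view the page source. Password Create a password for this new user: the password is visible there. 3. Vendor solution: freePBX...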
Web Protector 2.0 Trivial Encryption Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7409/info Web protector has been reported prone to a trivial encryption weakness. It has been reported that the method used to obfuscate and protect the HTML source of web pages implementing Web Protector is flawed and ma...
CVE-2014-0215
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source...
Design/Logic Flaw
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source...
CVE-2014-0215
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source...